U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.12.2
There are 967 matching records.
Displaying matches 961 through 967.
Vuln ID Summary CVSS Severity
CVE-2017-6458

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

Published: March 27, 2017; 1:59:00 PM -0400 		V3.1: 8.8 HIGH
 V2.0: 6.5 MEDIUM
CVE-2017-2370

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.

Published: February 20, 2017; 3:59:05 AM -0500 		V3.0: 7.8 HIGH
 V2.0: 9.3 HIGH
CVE-2017-2361

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

Published: February 20, 2017; 3:59:05 AM -0500 		V3.0: 6.1 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2017-2360

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.

Published: February 20, 2017; 3:59:04 AM -0500 		V3.0: 7.8 HIGH
 V2.0: 9.3 HIGH
CVE-2017-2358

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: February 20, 2017; 3:59:04 AM -0500 		V3.0: 7.8 HIGH
 V2.0: 9.3 HIGH
CVE-2017-2357

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

Published: February 20, 2017; 3:59:04 AM -0500 		V3.0: 3.3 LOW
 V2.0: 4.3 MEDIUM
CVE-2017-2353

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.

Published: February 20, 2017; 3:59:04 AM -0500 		V3.0: 7.8 HIGH
 V2.0: 9.3 HIGH