CVE-2017-2489

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

CVE-2017-6974

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the “System Integrity Protection” component. It allows attackers to modify the contents of a protected disk location via a crafted app.

CVE-2017-2490

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a …

CVE-2017-7387

TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter).

CVE-2017-7386

citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter).

CVE-2017-7395

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

CVE-2017-7394

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

CVE-2017-7393

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

CVE-2017-7392

In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.

CVE-2017-7391

A Cross-Site Scripting (XSS) was discovered in ‘Magmi 0.7.22’. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the ‘magmi-git-master/magmi/web/ajax_gettime.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.