Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

ITS Advisory Number: 2017-030
Date(s) Issued: Wednesday, March 29, 2017
Subject: Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Overview: 

Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, macOS, macOS Server, iCloud for Windows and Safari which could allow for arbitrary code execution. watchOS is the mobile operating system of the Apple Watch and is based on the iOS operating system. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. tvOS is an operating system for the fourth-generation Apple TV digital media player. macOS is Apple's desktop and server operating system for Macintosh computers. macOS Server is a separately sold operating system add-on which provides additional server programs along with management and administration tools for macOS. iCloud is a cloud storage and cloud computing service from Apple. Apple Safari is a web browser available for OS X and Microsoft Windows.

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • watchOS Versions prior to 3.2
  • iOS Versions prior to 10.3
  • tvOS Versions prior to 10.2
  • macOS Versions prior to 10.12.4, 10.11.6, 10.10.5
  • macOS Server Versions prior to 5.3
  • Safari Versions prior to 10.1
  • iCloud for Windows Versions prior to 6.2

RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: Medium
BUSINESS
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: Low
Description: 

Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, macOS, macOS Server, iCloud for Windows and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. (CVE-2017-2379)
  • A buffer overflow issue was addressed through improved memory handling. (CVE-2017-2482, CVE-2017-2483)
  • Multiple buffer overflow vulnerabilities were addressed through improved bounds checking. (CVE-2016-9586, CVE-2017-2451, CVE-2017-2458)
  • A crafted request may cause a global cache to grow indefinitely, leading to a denial-of-service. This was addressed by not caching unknown MIME types. (CVE-2016-0751)
  • A double free issue was addressed through improved memory management. (CVE-2017-2425)
  • A keychain handling issue was addressed through improved keychain item management. (CVE-2017-2385)
  • A logic issue existed in frame handling. This issue was addressed through improved state management. (CVE-2017-2475)
  • A logic issue existed in the handling of frame objects. This issue was addressed with improved state management. (CVE-2017-2445)
  • A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management. (CVE-2017-2446)
  • A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling. (CVE-2017-2413)
  • A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management. (CVE-2017-2431)
  • A memory corruption issue existed in the handling of zip archives. This issue was addressed through improved input validation. (CVE-2016-5636)
  • A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. (CVE-2017-2485)
  • Multiple memory corruption issues were addressed through improved input validation. (CVE-2017-2430, CVE-2017-2377, CVE-2017-2398, CVE-2017-2401, CVE-2017-2405, CVE-2017-2416, CVE-2017-2432, CVE-2017-2433, CVE-2017-2435, CVE-2017-2436, CVE-2017-2437, CVE-2017-2443, CVE-2017-2462, CVE-2017-2467, CVE-2017-2473)
  • Multiple memory corruption issues were addressed through improved memory handling. (CVE-2017-2392, CVE-2017-2408, CVE-2017-2420, CVE-2017-2422, CVE-2017-2427, CVE-2017-2447, CVE-2017-5029, CVE-2017-2463)
  • A null pointer dereference was addressed through improved input validation. (CVE-2017-2388)
  • A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls. (CVE-2017-2429)
  • A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen. (CVE-2017-2397)
  • A prototype access issue was addressed through improved exception handling. (CVE-2017-2386)
  • A race condition was addressed through improved locking. (CVE-2017-2478)
  • Multiple race conditions were addressed through improved memory handling. (CVE-2017-2421, CVE-2017-2456)
  • A resource exhaustion issue was addressed through improved input validation. (CVE-2017-2461)
  • A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal. (CVE-2017-2389)
  • A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation. (CVE-2017-2453)
  • A state issue existed in the handling of Home Control. This issue was addressed through improved validation. (CVE-2017-2434)
  • A state management issue was addressed by disabling text input until the destination page loads. (CVE-2017-2376)
  • A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation. (CVE-2016-7056)
  • A type confusion issue was addressed through improved memory handling. (CVE-2017-2415)
  • Multiple use-after-free issues were addressed through improved memory management. (CVE-2017-2438, CVE-2017-2441, CVE-2017-2449, CVE-2017-2471, CVE-2017-2472)
  • A validation issue existed in bookmark creation. This issue was addressed through improved input validation. (CVE-2017-2378)
  • A validation issue existed in the handling of page loading. This issue was addressed through improved logic. (CVE-2017-2367)
  • A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. (CVE-2017-2390)
  • A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process. (CVE-2017-6974)
  • An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions. (CVE-2017-2419)
  • An access issue existed in sudo. This issue was addressed through improved permissions checking. (CVE-2017-2381)
  • An access issue was addressed through improved permissions checking. (CVE-2017-2382)
  • An inconsistent user interface issue was addressed through improved state management. (CVE-2017-2486)
  • An infinite recursion was addressed through improved state management. (CVE-2017-2417)
  • An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management. (CVE-2017-2424)
  • An information leak existed in the handling of file URLs. This issue was addressed through improved URL handling. (CVE-2017-2426)
  • An information leakage issue was addressed through improved state management. (CVE-2017-2418)
  • An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation. (CVE-2017-2414)
  • An input validation issue existed in the kernel. This issue was addressed through improved input validation. (CVE-2017-2410)
  • An insufficient locking issue was addressed with improved state management. (CVE-2017-2452)
  • An integer overflow was addressed through improved input validation. (CVE-2017-2440)
  • An issue existed in clearing Safari cache information from SafariViewController. This issue was addressed by improving cache state handling. (CVE-2017-2400)
  • An issue existed in iOS allowing for calls without prompting. This issue was addressed by prompting a user to confirm call initiation. (CVE-2017-2484)
  • An issue existed in profile uninstallation. This issue was addressed through improved cleanup. (CVE-2017-2402)
  • An issue existed in SQLite deletion. This issue was addressed through improved SQLite cleanup. (CVE-2017-2384)
  • An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI. (CVE-2016-7585)
  • An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt. (CVE-2017-2404)
  • An off-by-one issue was addressed through improved bounds checking. (CVE-2017-2474)
  • An out-of-bounds read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in AKCmds to version 4.0.7. (CVE-2016-3619, CVE-2016-9533, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9539, CVE-2016-9540)
  • Multiple out-of-bounds read issues were addressed through improved input validation. (CVE-2017-2409, CVE-2017-2439, CVE-2017-2450)
  • An uncontrolled format string issue was addressed through improved input validation. (CVE-2017-2403)
  • An uncontrolled resource consumption issue was addressed through improved regex processing. (CVE-2016-9643)
  • A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation. (CVE-2017-2423)
  • Multiple issues existed in Apache before 2.4.25. These were addressed by updating LibreSSL to version 2.4.25. (CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740, CVE-2016-8743)
  • Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. (CVE-2017-2428)
  • Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4. (CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012)
  • Multiple issues existed in PHP before 5.6.30. These were addressed by updating PHP to version 5.6.30. (CVE-2016-1015, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-9935)
  • Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0. (CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486)
  • Multiple memory corruption issues were addressed through improved input validation. (CVE-2017-2394, CVE-2017-2396, CVE-2016-9642, CVE-2017-2406, CVE-2017-2407, CVE-2017-2444, CVE-2017-2487)
  • Multiple memory corruption issues were addressed through improved memory handling. (CVE-2017-2395, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2476, CVE-2017-2481)
  • Multiple validation issues existed in the handling of page loading. These issues were addressed through improved logic. (CVE-2017-2364, CVE-2017-2442)
  • Multiple validation issues were addressed through improved input sanitization. (CVE-2017-2393)
  • Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS. (CVE-2017-2412)
  • Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated. (CVE-2017-2380)
  • The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode. (CVE-2017-2399)
  • A remote attacker may be able to cause a denial of service against the HTTP server via partial HTTP requests. This issue was addressed by adding mod_reqtimeout. (CVE-2007-6750)
  • Under certain circumstances, Secure Transport failed to validate the authenticity of OTR packets. This issue was addressed by restoring missing validation steps. (CVE-2017-2448)
  • A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. (CVE-2017-2383)
  • A validation issue existed in element handling. This issue was addressed through improved validation. (CVE-2017-2479, CVE-2017-2480)

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • After appropriate testing, immediately install the patches provided by Apple to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept, or execute files from untrusted or unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
References: 

Apple:

https://support.apple.com/en-us/HT207600

https://support.apple.com/en-us/HT207601

https://support.apple.com/en-us/HT207602

https://support.apple.com/en-us/HT207604

https://support.apple.com/en-us/HT207607

https://support.apple.com/en-us/HT207615

https://support.apple.com/en-us/HT207617

 

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1015

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3619

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7585

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9533

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9535

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9536

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9537

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9538

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9539

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9540

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9642

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9643

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9935

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10159

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10160

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10161

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2367

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2376

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2377

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2378

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2379

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2380

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2381

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2382

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2383

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2384

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2385

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2386

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2388

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2389

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2390

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2392

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2393

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2394

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2395

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2396

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2397

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2398

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2399

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2401

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2402

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2403

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2404

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2405

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2406

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2407

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2408

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2409

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2410

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2412

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2413

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2414

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2415

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2416

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2417

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2418

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2419

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2420

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2421

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2422

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2423

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2424

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2425

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2426

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2427

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2428

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2429

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2430

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2431

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2432

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2433

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2434

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2435

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2436

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2437

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2438

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2439

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2440

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2441

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2442

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2443

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2444

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2445

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2446

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2447

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2448

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2449

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2450

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2451

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2452

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2453

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2454

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2455

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2456

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2457

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2458

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2459

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2460

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2461

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2462

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2463

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2464

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2465

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2466

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2467

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2468

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2469

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2470

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2471

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2472

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2473

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2474

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2475

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2476

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2478

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2479

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2480

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2481

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2482

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2483

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2484

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2485

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2486

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2487

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6974