CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-20159 – rf Keynote rumble.rb cross site scripting
https://notcve.org/view.php?id=CVE-2017-20159
A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. • https://github.com/rf-/keynote/commit/05be4356b0a6ca7de48da926a9b997beb5ffeb4a https://github.com/rf-/keynote/releases/tag/v1.0.0 https://vuldb.com/?ctiid.217142 https://vuldb.com/?id.217142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-2391
https://notcve.org/view.php?id=CVE-2017-2391
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. Se ha descubierto un problema en ciertos productos Apple. • http://www.securityfocus.com/bid/97126 http://www.securitytracker.com/id/1038134 http://www.securitytracker.com/id/1038135 http://www.securitytracker.com/id/1038136 https://support.apple.com/HT207595 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7032
https://notcve.org/view.php?id=CVE-2015-7032
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. La aplicación Apple iWork en versiones anteriores a 2.6 para iOS, Apple Keynote en versiones anteriores a 6.6, Apple Pages en versiones anteriores a 5.6 y Apple Numbers en versiones anteriores a 3.6 permite a atacantes remotos obtener información sensible a través de un documento manipulado. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html http://www.securitytracker.com/id/1033823 http://www.securitytracker.com/id/1033825 http://www.securitytracker.com/id/1033826 https://support.apple.com/HT205373 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0CVE-2015-7033
https://notcve.org/view.php?id=CVE-2015-7033
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. La aplicación Apple iWork en versiones anteriores a 2.6 para iOS, Apple Keynote en versiones anteriores a 6.6, Apple Pages en versiones anteriores a 5.6 y Apple Numbers en versiones anteriores a 3.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un documento manipulado. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html http://www.securitytracker.com/id/1033823 http://www.securitytracker.com/id/1033825 http://www.securitytracker.com/id/1033826 https://support.apple.com/HT205373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3784
https://notcve.org/view.php?id=CVE-2015-3784
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Vulnerabilidad en Office Viewer en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos leer archivos arbitrarios a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionada con un problema de entidad externa XML (XXE). • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://support.apple.com/HT205373 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •