CVE-2017-2471 – Apple WebKit - 'table' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2471
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41813 http://www.securityfocus.com/bid/97133 http://www.securitytracker.com/id/1038137 https://bugs.chromium.org/p/project-zero/issues/detail?id=1105 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207602 https://support.apple.com/HT207617 • CWE-416: Use After Free •
CVE-2017-2367 – Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
https://notcve.org/view.php?id=CVE-2017-2367
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41801 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 •
CVE-2017-2446 – Apple Safari - 'DateTimeFormat.format' Type Confusion
https://notcve.org/view.php?id=CVE-2017-2446
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41741 https://www.exploit-db.com/exploits/41742 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://bugs.chromium.org/p/project-zero/issues/detail?id=1032 https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 •
CVE-2017-2389
https://notcve.org/view.php?id=CVE-2017-2389
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97129 http://www.securitytracker.com/id/1038137 https://support.apple.com/HT207600 https://support.apple.com/HT207617 •
CVE-2017-2445 – Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2445
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41802 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •