CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 1CVE-2017-6979 – Apple iOS < 10.3.1 - Kernel
https://notcve.org/view.php?id=CVE-2017-6979
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • https://www.exploit-db.com/exploits/42555 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-2513 – Apple Security Advisory 2017-05-15-3
https://notcve.org/view.php?id=CVE-2017-2513
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. Un problema fue descubierto en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior ... • http://www.securityfocus.com/bid/98468 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2549 – Apple Security Advisory 2017-05-15-3
https://notcve.org/view.php?id=CVE-2017-2549
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • http://www.securityfocus.com/bid/98473 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2501 – Apple macOS/iOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
https://notcve.org/view.php?id=CVE-2017-2501
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • https://packetstorm.news/files/id/142646 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-2518 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-2518
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. macOS anterior a la versi... • http://www.securityfocus.com/bid/98468 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 4%CPEs: 3EXPL: 2CVE-2017-2504 – Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2504
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • https://packetstorm.news/files/id/142662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2490 – Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device
https://notcve.org/view.php?id=CVE-2017-2490
02 Apr 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está af... • https://packetstorm.news/files/id/141983 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 1CVE-2017-2479 – Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element
https://notcve.org/view.php?id=CVE-2017-2479
28 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41866 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2017-2463 – Apple Safari RenderBox Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2463
28 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 e... • http://www.securityfocus.com/bid/97176 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2435 – Apple Security Advisory 2017-03-27-5
https://notcve.org/view.php?id=CVE-2017-2435
27 Mar 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10... • http://www.securityfocus.com/bid/97137 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •