CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 3CVE-2017-7089 – Webkit (Safari) - Universal Cross-site Scripting
https://notcve.org/view.php?id=CVE-2017-7089
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. Se ha descubierto un problema en ciertos productos Apple. • https://www.exploit-db.com/exploits/45866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2017-7110 – Apple Security Advisory 2017-09-20-2
https://notcve.org/view.php?id=CVE-2017-7110
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11, las versiones de tvOS anteriores a la 11 y las version... • http://www.securityfocus.com/bid/100927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7097 – Apple Security Advisory 2017-10-31-9
https://notcve.org/view.php?id=CVE-2017-7097
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2017-7108 – Apple Security Advisory 2017-09-20-2
https://notcve.org/view.php?id=CVE-2017-7108
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11, las versiones de tvOS anteriores a la 11 y las version... • http://www.securityfocus.com/bid/100927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7085 – Apple Security Advisory 2017-09-25-3
https://notcve.org/view.php?id=CVE-2017-7085
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar. Se ha descubierto un problema en ciertos productos Apple. • http://www.securityfocus.com/bid/100895 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2017-7105 – Apple assembleBGScanResults Heap Overflow
https://notcve.org/view.php?id=CVE-2017-7105
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11, las versiones de tvOS anteriores a la 11 y las version... • http://www.securityfocus.com/bid/100927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7088 – Apple Security Advisory 2017-10-31-9
https://notcve.org/view.php?id=CVE-2017-7088
20 Sep 2017 — An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100892 • CWE-275: Permission Issues •
CVSS: 7.9EPSS: 0%CPEs: 30EXPL: 0CVE-2017-14315 – Apple Security Advisory 2019-5-13-6
https://notcve.org/view.php?id=CVE-2017-14315
12 Sep 2017 — In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" v... • http://seclists.org/fulldisclosure/2019/May/24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2278
https://notcve.org/view.php?id=CVE-2017-2278
02 Aug 2017 — The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Las versiones 2.0.3 y anteriores de la aplicación RBB SPEED TEST App para Android, así como las versiones 2.1.0 y anteriores para iOS no verifican certificados X.509 desde servidores SSL. Esto permite a los atacantes que reali... • http://www.iid.co.jp/information/170714.html • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 52%CPEs: 7EXPL: 2CVE-2017-7042 – WebKit - 'WebCore::InputType::element' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-7042
20 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un error en ciertos productos de Apple. • https://packetstorm.news/files/id/143486 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •