CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7011 – Apple Security Advisory 2017-07-19-1
https://notcve.org/view.php?id=CVE-2017-7011
20 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. Se ha descubierto un problema en ciertos productos de Apple. • http://www.securityfocus.com/bid/99887 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-7055 – Apple Security Advisory 2017-07-19-1
https://notcve.org/view.php?id=CVE-2017-7055
20 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.... • http://www.securityfocus.com/bid/99885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 4EXPL: 4CVE-2017-7047 – Apple macOS/iOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7047
20 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.3 se ve afectado. MacOS versión anterior a 10.12.6 se ve afecta... • https://packetstorm.news/files/id/143624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2017-7064 – WebKit JSC - 'JSArray::appendMemcpy' Uninitialized Memory Copy
https://notcve.org/view.php?id=CVE-2017-7064
20 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.3 esta afectado. • https://packetstorm.news/files/id/143479 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-7052 – Apple Safari Frame Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7052
19 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.... • http://www.securityfocus.com/bid/99885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 2%CPEs: 10EXPL: 0CVE-2017-11103 – Apple Security Advisory 2017-10-31-2
https://notcve.org/view.php?id=CVE-2017-11103
13 Jul 2017 — Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimd... • http://www.debian.org/security/2017/dsa-3912 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 7%CPEs: 3EXPL: 4CVE-2017-7005 – WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
https://notcve.org/view.php?id=CVE-2017-7005
15 Jun 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://packetstorm.news/files/id/142968 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2017-7004 – Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
https://notcve.org/view.php?id=CVE-2017-7004
12 Jun 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • https://packetstorm.news/files/id/142891 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7001 – Apple Safari WebSQL offsets Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7001
30 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • http://www.securityfocus.com/bid/98768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7000 – Apple Safari WebSQL snippet Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7000
30 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • http://www.securityfocus.com/bid/98767 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •