CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-7055 – Apple Security Advisory 2017-07-19-1
https://notcve.org/view.php?id=CVE-2017-7055
20 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.... • http://www.securityfocus.com/bid/99885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-7052 – Apple Safari Frame Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7052
19 Jul 2017 — An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.... • http://www.securityfocus.com/bid/99885 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 2%CPEs: 10EXPL: 0CVE-2017-11103 – Apple Security Advisory 2017-10-31-2
https://notcve.org/view.php?id=CVE-2017-11103
13 Jul 2017 — Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimd... • http://www.debian.org/security/2017/dsa-3912 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 7%CPEs: 3EXPL: 4CVE-2017-7005 – WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions
https://notcve.org/view.php?id=CVE-2017-7005
15 Jun 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://packetstorm.news/files/id/142968 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2017-7004 – Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
https://notcve.org/view.php?id=CVE-2017-7004
12 Jun 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • https://packetstorm.news/files/id/142891 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7001 – Apple Safari WebSQL offsets Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7001
30 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • http://www.securityfocus.com/bid/98768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7000 – Apple Safari WebSQL snippet Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7000
30 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • http://www.securityfocus.com/bid/98767 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7002 – Apple Safari WebSQL matchinfo Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7002
30 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.2 y las versiones de macOS anteriores a la 10.12.5. • http://www.securityfocus.com/bid/98773 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-2493 – WebKit HTMLObjectElement::updateWidget Universal XSS
https://notcve.org/view.php?id=CVE-2017-2493
25 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site. Se ha descubierto un problema en algunos productos Apple. • https://packetstorm.news/files/id/142660 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 2CVE-2017-2522 – Apple macOS/iOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
https://notcve.org/view.php?id=CVE-2017-2522
22 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. macOS anterior a la versió... • https://packetstorm.news/files/id/142648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •