CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 1CVE-2017-6979 – Apple iOS < 10.3.1 - Kernel
https://notcve.org/view.php?id=CVE-2017-6979
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • https://www.exploit-db.com/exploits/42555 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-2513 – Apple Security Advisory 2017-05-15-3
https://notcve.org/view.php?id=CVE-2017-2513
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. Un problema fue descubierto en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior ... • http://www.securityfocus.com/bid/98468 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2549 – Apple Security Advisory 2017-05-15-3
https://notcve.org/view.php?id=CVE-2017-2549
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • http://www.securityfocus.com/bid/98473 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-6991 – Apple Safari WebSQL Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-6991
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se descubrió un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. macOS anterior a versión 10.12.5 está afectado. El problema involucra el componente "SQLite". • http://www.securitytracker.com/id/1038484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2501 – Apple macOS/iOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
https://notcve.org/view.php?id=CVE-2017-2501
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • https://packetstorm.news/files/id/142646 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-2518 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2017-2518
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. macOS anterior a la versi... • http://www.securityfocus.com/bid/98468 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 4%CPEs: 3EXPL: 2CVE-2017-2504 – Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2504
15 May 2017 — An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • https://packetstorm.news/files/id/142662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-2491 – Apple Safari String replace Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2491
04 May 2017 — Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. Una vulnerabilidad de uso de la memoria previamente liberada en el método String.replace de JavaScriptCore en Apple Safari en iOS anterior a la versión 10.3, permite a atacantes remotos ejecutar código arbitrario por medio de una página web especialmente diseñada, o un archivo especialmente diseñado. This vuln... • https://www.exploit-db.com/exploits/41964 • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1776
https://notcve.org/view.php?id=CVE-2010-1776
24 Apr 2017 — Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. Find My iPhone en iOS 2.0 hasta la versión 3.1.3 para iPhone 3G y posteriores e iOS 2.1 hasta la versión 3.1.3 para iPod touch (segunda generación) y posteriores, cuando Find My iPhone está deshabilitado, permite a usuarios remotos autenticados con una cue... • https://support.apple.com/en-us/HT4225 • CWE-254: 7PK - Security Features •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6975 – Apple Security Advisory 2019-5-13-6
https://notcve.org/view.php?id=CVE-2017-6975
03 Apr 2017 — Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior. Wi-Fi en Apple iOS en versiones anteriores a 10.3.1 no evita la explotación de desbordamiento de búfer de pila de la CVE-2017-6956 a través de un punto de acceso manipulado. NOTA... • http://seclists.org/fulldisclosure/2019/May/24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •