CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2549
https://notcve.org/view.php?id=CVE-2017-2549
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • http://www.securityfocus.com/bid/98473 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6987
https://notcve.org/view.php?id=CVE-2017-6987
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • http://www.securityfocus.com/bid/98468 http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 https://support.apple.com/HT207798 https://support.apple.com/HT207800 https://support.apple.com/HT207801 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 14%CPEs: 3EXPL: 1CVE-2017-2536 – Apple Safari Spread Operator Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2536
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • https://www.exploit-db.com/exploits/42125 http://www.securityfocus.com/bid/98473 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 6%CPEs: 3EXPL: 1CVE-2017-2531 – WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
https://notcve.org/view.php?id=CVE-2017-2531
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • https://www.exploit-db.com/exploits/42104 http://www.securityfocus.com/bid/98473 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2530 – Apple Safari Element Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2530
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha detectado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • http://www.securityfocus.com/bid/98455 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207803 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •