CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2462 – Apple macOS M4A Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2462
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "Audio". • http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 http://zerodayinitiative.com/advisories/ZDI-17-189 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-2417
https://notcve.org/view.php?id=CVE-2017-2417
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. tvOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.2 está afectado. El problema involucra al componente "CoreGraphics". • http://www.securityfocus.com/bid/97137 http://www.securitytracker.com/id/1038138 https://support.apple.com/HT207601 https://support.apple.com/HT207602 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 2%CPEs: 3EXPL: 1CVE-2017-2367 – Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
https://notcve.org/view.php?id=CVE-2017-2367
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41801 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 •
CVSS: 8.8EPSS: 23%CPEs: 3EXPL: 2CVE-2017-2446 – Apple Safari - 'DateTimeFormat.format' Type Confusion
https://notcve.org/view.php?id=CVE-2017-2446
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41741 https://www.exploit-db.com/exploits/41742 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://bugs.chromium.org/p/project-zero/issues/detail?id=1032 https://doar-e.github.io/blog/2018/07/14/cve-2017-2446-or-jscjsglobalobjectishavingabadtime https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2017-2445 – Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2445
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41802 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •