CVE-2018-4088
https://notcve.org/view.php?id=CVE-2018-4088
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. • http://www.securityfocus.com/bid/102775 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040266 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465 https://support.apple.com/HT208473 https://support.apple.com/HT208474 https://support.apple.com/HT208475 https://usn.ubuntu.com/3551-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4093
https://notcve.org/view.php?id=CVE-2018-4093
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2.5, las versiones de macOS anteriores a la 10.13.3, las versiones de tvOS anteriores a la 11.2.5 y las versiones de watchOS anteriores a la 4.2.2 se han visto afectadas. • http://www.securityfocus.com/bid/102782 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7160 – Apple Safari FTL JIT Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7160
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://support.apple.com/HT208324 https://support.apple.com/HT208326 https://support.apple.com/HT208327 https://support.apple.com/HT208328 https://support.apple.com/HT208334 https://usn.ubuntu.com/3551-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7154 – macOS - 'process_policy' Stack Leak Through Uninitialized Field
https://notcve.org/view.php?id=CVE-2017-7154
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2 y las versiones de tvOS anteriores a la 11.2 se han visto afectadas. • https://www.exploit-db.com/exploits/43521 http://www.securityfocus.com/bid/103134 https://support.apple.com/HT208327 https://support.apple.com/HT208331 https://support.apple.com/HT208334 • CWE-20: Improper Input Validation •
CVE-2017-7152
https://notcve.org/view.php?id=CVE-2017-7152
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2 se han visto afectadas. • http://seclists.org/fulldisclosure/2019/Oct/49 http://seclists.org/fulldisclosure/2019/Oct/54 http://seclists.org/fulldisclosure/2019/Oct/56 https://support.apple.com/HT208334 https://support.apple.com/kb/HT210721 https://support.apple.com/kb/HT210722 https://support.apple.com/kb/HT210724 •