CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7066
https://notcve.org/view.php?id=CVE-2017-7066
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 10.3.3 y las versiones de tvOS anteriores a la 10.2.2. • https://support.apple.com/HT207923 https://support.apple.com/HT207924 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 2CVE-2017-11121
https://notcve.org/view.php?id=CVE-2017-11121
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. En los chips Wi-Fi Broadcom BCM4355C0 9.44.78.27.0.1.56 y otros chips, se podrían desencadenar desbordamientos internos de la memoria dinámica (heap) del firmware Wi-Fi si se utilizan frames en modo Fast Transition con intinerancia Over-the-Air. Esto conduciría a una denegación de servicio u otros efectos, lo que también se conoce como B-V2017061205. • http://packetstormsecurity.com/files/144329/Broadcom-802.11r-FT-Reassociation-Response-Overflows.html http://www.securityfocus.com/bid/100984 https://bugs.chromium.org/p/project-zero/issues/detail?id=1291 https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html https://source.android.com/security/bulletin/2017-09-01 https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 3CVE-2017-11120 – Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
https://notcve.org/view.php?id=CVE-2017-11120
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. En los chips Wi-Fi Broadcom BCM4355C0 versión 9.44.78.27.0.1.56 y otros chips, un atacante puede crear un frame del RRM Neighbor Report Frame Handler malformadopara desencadenar un desbordamiento interno de búfer en el firmware Wi-Fi, también conocido como B-V2017061204. Broadcom suffers from an out-of-bounds write when handling 802.11k Neighbor Report Response. • https://www.exploit-db.com/exploits/42784 http://packetstormsecurity.com/files/144328/Broadcom-802.11k-Neighbor-Report-Response-Out-Of-Bounds-Write.html http://www.securityfocus.com/bid/100984 https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 https://lists.apple.com/archives/security-announce/2017/Sep/msg00007.html https://lists.apple.com/archives/security-announce/2017/Sep/msg00009.html https://source.android.com/security/bulletin/2017-09-01 https://support.apple.com/HT208112& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7065
https://notcve.org/view.php?id=CVE-2017-7065
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 10.3.3, las versiones de macOS anteriores a la 10.12.6 y las versiones de tvOS anteriores a la 10.2.2 se han visto afectadas. • http://www.securityfocus.com/bid/100655 https://support.apple.com/HT207922 https://support.apple.com/HT207923 https://support.apple.com/HT207924 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2017-7092 – Apple Safari String link Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7092
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. • https://github.com/xuechiyaobai/CVE-2017-7092-PoC http://www.securityfocus.com/bid/100994 http://www.securitytracker.com/id/1039384 http://www.securitytracker.com/id/1039428 https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208116 https://support.apple.com/HT208141 https://support.apple.com/HT208142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •