CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2017-8248
https://notcve.org/view.php?id=CVE-2017-8248
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. Podría ocurrir un desbordamiento de búfer al procesar un mensaje NAS descendiente en Qualcomm Telephony tal y como se emplea en Apple iPhone 5 y siguientes, iPad 4th generation y siguientes, y iPod touch 6th generation. • http://seclists.org/fulldisclosure/2017/Jul/34 http://www.securityfocus.com/bid/106128 http://www.securityfocus.com/bid/99891 http://www.securitytracker.com/id/1038950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2278
https://notcve.org/view.php?id=CVE-2017-2278
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Las versiones 2.0.3 y anteriores de la aplicación RBB SPEED TEST App para Android, así como las versiones 2.1.0 y anteriores para iOS no verifican certificados X.509 desde servidores SSL. Esto permite a los atacantes que realicen Man-in-the-Middle (MitM) suplantar servidores y obtener información sensible utilizando un certificado manipulado. • http://www.iid.co.jp/information/170714.html https://jvn.jp/en/jp/JVN24238648/index.html • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-7055
https://notcve.org/view.php?id=CVE-2017-7055
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.3 se ve afectado. • http://www.securityfocus.com/bid/99885 http://www.securitytracker.com/id/1038950 https://support.apple.com/HT207921 https://support.apple.com/HT207923 https://support.apple.com/HT207924 https://support.apple.com/HT207927 https://support.apple.com/HT207928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 1CVE-2017-7061 – WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
https://notcve.org/view.php?id=CVE-2017-7061
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a10.3.3 se ve afectado. • https://www.exploit-db.com/exploits/42666 http://www.securityfocus.com/bid/99885 http://www.securitytracker.com/id/1038950 https://support.apple.com/HT207921 https://support.apple.com/HT207923 https://support.apple.com/HT207924 https://support.apple.com/HT207927 https://support.apple.com/HT207928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2017-7038
https://notcve.org/view.php?id=CVE-2017-7038
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. Se ha descubierto un problema de Cross-Site Scripting (XSS) de DOMParser en ciertos productos de Apple. Las versiones anteriores a la 10.3.3 de iOS se han visto afectadas, así como Safari en versiones anteriores a la 10.1.2 y tvOS en versiones anteriores a la 10.2.2. • https://github.com/ansjdnakjdnajkd/CVE-2017-7038 http://www.securityfocus.com/bid/99888 http://www.securitytracker.com/id/1038950 https://security.gentoo.org/glsa/201710-14 https://support.apple.com/HT207921 https://support.apple.com/HT207923 https://support.apple.com/HT207924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •