CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2017-7038
https://notcve.org/view.php?id=CVE-2017-7038
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. Se ha descubierto un problema de Cross-Site Scripting (XSS) de DOMParser en ciertos productos de Apple. Las versiones anteriores a la 10.3.3 de iOS se han visto afectadas, así como Safari en versiones anteriores a la 10.1.2 y tvOS en versiones anteriores a la 10.2.2. • https://github.com/ansjdnakjdnajkd/CVE-2017-7038 http://www.securityfocus.com/bid/99888 http://www.securitytracker.com/id/1038950 https://security.gentoo.org/glsa/201710-14 https://support.apple.com/HT207921 https://support.apple.com/HT207923 https://support.apple.com/HT207924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 1CVE-2017-7046 – WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free
https://notcve.org/view.php?id=CVE-2017-7046
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.3 se ve afectado. • https://www.exploit-db.com/exploits/42365 http://www.securityfocus.com/bid/99885 http://www.securitytracker.com/id/1038950 https://support.apple.com/HT207921 https://support.apple.com/HT207923 https://support.apple.com/HT207924 https://support.apple.com/HT207927 https://support.apple.com/HT207928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 8%CPEs: 6EXPL: 1CVE-2017-7043 – WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-7043
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un error en ciertos productos de Apple. • https://www.exploit-db.com/exploits/42361 http://www.securityfocus.com/bid/99885 http://www.securitytracker.com/id/1038950 https://security.gentoo.org/glsa/201710-14 https://support.apple.com/HT207921 https://support.apple.com/HT207923 https://support.apple.com/HT207924 https://support.apple.com/HT207927 https://support.apple.com/HT207928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7058
https://notcve.org/view.php?id=CVE-2017-7058
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen. Se detectó un problema en ciertos productos de Apple. iOS anterior a la versión 10.3.3 está afectado. El problema involucra el componente "Notifications". • http://www.securityfocus.com/bid/99891 http://www.securitytracker.com/id/1038950 https://support.apple.com/HT207923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2517
https://notcve.org/view.php?id=CVE-2017-2517
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Se detectó un problema en ciertos productos de Apple. iOS anterior a la versión 10.3.3 está afectado. El problema involucra el componente "Safari". • http://www.securityfocus.com/bid/99891 http://www.securitytracker.com/id/1038950 https://support.apple.com/HT207923 • CWE-20: Improper Input Validation •