CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-2528 – WebKit - CachedFrame does not Detach Openers Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2528
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. Se descubrió un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. • https://www.exploit-db.com/exploits/42105 http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2017-2504 – Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2504
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • https://www.exploit-db.com/exploits/42064 http://www.securityfocus.com/bid/98473 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 4EXPL: 1CVE-2017-2521 – WebKit JSC - 'JSObject::ensureLength' ensureLengthSlow Check Failure
https://notcve.org/view.php?id=CVE-2017-2521
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. • https://www.exploit-db.com/exploits/42103 http://www.securityfocus.com/bid/98456 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207800 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2505 – WebKit JSC BindingNode::bindValue Failed Reference Count Increase
https://notcve.org/view.php?id=CVE-2017-2505
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Fue encontrado un problema en algunos productos de Apple. iOS anteriores a la versión 10.3.2 se ven afectados. • http://www.securityfocus.com/bid/98473 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2498
https://notcve.org/view.php?id=CVE-2017-2498
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. El problema implica el componente "Security". • http://www.securityfocus.com/bid/98479 http://www.securitytracker.com/id/1038485 https://support.apple.com/HT207798 • CWE-295: Improper Certificate Validation •