Page 388 of 3271 results (0.014 seconds)

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se descubrió un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. • http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. • http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1

Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. Una vulnerabilidad de uso de la memoria previamente liberada en el método String.replace de JavaScriptCore en Apple Safari en iOS anterior a la versión 10.3, permite a atacantes remotos ejecutar código arbitrario por medio de una página web especialmente diseñada, o un archivo especialmente diseñado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the String.replace method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.exploit-db.com/exploits/41964 http://www.securityfocus.com/bid/98316 http://www.zerodayinitiative.com/advisories/ZDI-17-321 https://support.apple.com/en-us/HT207617 • CWE-416: Use After Free •

CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0

Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. Find My iPhone en iOS 2.0 hasta la versión 3.1.3 para iPhone 3G y posteriores e iOS 2.1 hasta la versión 3.1.3 para iPod touch (segunda generación) y posteriores, cuando Find My iPhone está deshabilitado, permite a usuarios remotos autenticados con una cuenta MobileMe asociada limpiar el dispositivo. • https://support.apple.com/en-us/HT4225 • CWE-254: 7PK - Security Features •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior. Wi-Fi en Apple iOS en versiones anteriores a 10.3.1 no evita la explotación de desbordamiento de búfer de pila de la CVE-2017-6956 a través de un punto de acceso manipulado. NOTA: dado que un sistema operativo podría potencialmente aislarse de la explotación de CVE-2017-6956 sin parches de funciones de firmware de Broadcom, hay un CVE ID independiente para el comportamiento del sistema operativo. • http://seclists.org/fulldisclosure/2019/May/24 http://www.securityfocus.com/bid/97328 http://www.securitytracker.com/id/1038172 https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html https://seclists.org/bugtraq/2019/May/30 https://support.apple.com/HT207688 https://support.apple.com/kb/HT210121 https://twitter.com/4Dgifts/status/849268365457850370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •