CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6975
https://notcve.org/view.php?id=CVE-2017-6975
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior. Wi-Fi en Apple iOS en versiones anteriores a 10.3.1 no evita la explotación de desbordamiento de búfer de pila de la CVE-2017-6956 a través de un punto de acceso manipulado. NOTA: dado que un sistema operativo podría potencialmente aislarse de la explotación de CVE-2017-6956 sin parches de funciones de firmware de Broadcom, hay un CVE ID independiente para el comportamiento del sistema operativo. • http://seclists.org/fulldisclosure/2019/May/24 http://www.securityfocus.com/bid/97328 http://www.securitytracker.com/id/1038172 https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html https://seclists.org/bugtraq/2019/May/30 https://support.apple.com/HT207688 https://support.apple.com/kb/HT210121 https://twitter.com/4Dgifts/status/849268365457850370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2484
https://notcve.org/view.php?id=CVE-2017-2484
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Phone". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-2423
https://notcve.org/view.php?id=CVE-2017-2423
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. macOS en versiones anteriores a 10.12.4 está afectado. El problema involucra al componente "Security". • http://www.securityfocus.com/bid/97147 http://www.securitytracker.com/id/1038138 https://support.apple.com/HT207615 https://support.apple.com/HT207617 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 1CVE-2017-2468 – Apple WebKit - 'Document::adoptNode' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2468
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41868 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 1CVE-2017-2469 – Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-2469
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • https://www.exploit-db.com/exploits/41869 http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •