CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-2463 – Apple Safari RenderBox Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2463
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97176 http://www.securitytracker.com/id/1038157 http://zerodayinitiative.com/advisories/ZDI-17-241 https://support.apple.com/HT207599 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207607 https://support.apple.com/HT207617 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2481 – Apple Safari ElementData Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2481
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. • http://www.securityfocus.com/bid/97130 http://www.securitytracker.com/id/1038137 http://zerodayinitiative.com/advisories/ZDI-17-191 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207600 https://support.apple.com/HT207601 https://support.apple.com/HT207617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2384
https://notcve.org/view.php?id=CVE-2017-2384
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra el manejo incorrecto de eliminación dentro del subsistema SQLite del componente "Safari". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2400
https://notcve.org/view.php?id=CVE-2017-2400
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "SafariViewController". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2399
https://notcve.org/view.php?id=CVE-2017-2399
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Pasteboard". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-326: Inadequate Encryption Strength •