CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2400
https://notcve.org/view.php?id=CVE-2017-2400
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "SafariViewController". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2384
https://notcve.org/view.php?id=CVE-2017-2384
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra el manejo incorrecto de eliminación dentro del subsistema SQLite del componente "Safari". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2399
https://notcve.org/view.php?id=CVE-2017-2399
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Pasteboard". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2380
https://notcve.org/view.php?id=CVE-2017-2380
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3 está afectado. • http://www.securityfocus.com/bid/97138 https://support.apple.com/HT207617 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2404
https://notcve.org/view.php?id=CVE-2017-2404
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Quick Look". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload •