CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2393
https://notcve.org/view.php?id=CVE-2017-2393
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Safari Reader". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2400
https://notcve.org/view.php?id=CVE-2017-2400
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "SafariViewController". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2384
https://notcve.org/view.php?id=CVE-2017-2384
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra el manejo incorrecto de eliminación dentro del subsistema SQLite del componente "Safari". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2399
https://notcve.org/view.php?id=CVE-2017-2399
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode). Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "Pasteboard". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2380
https://notcve.org/view.php?id=CVE-2017-2380
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3 está afectado. • http://www.securityfocus.com/bid/97138 https://support.apple.com/HT207617 • CWE-326: Inadequate Encryption Strength •