Page 8 of 40 results (0.012 seconds)

CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 1

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. • https://www.exploit-db.com/exploits/41213 http://www.securityfocus.com/bid/95727 http://www.securitytracker.com/id/1037668 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207482 https://support.apple.com/HT207484 https://support.apple.com/HT207485 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.6EPSS: 0%CPEs: 33EXPL: 0

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. El componente Data Security en Apple iOS anterior a v5 y Apple TV anterior a v4.4 no restringe correctamente el uso del algoritmo de hash MD5 en los certificados X.509, lo que hace que sea más fácil para atacante de "hombre en medio" falsificar servidores u obtener información sensible a través de un certificado especialmente diseñado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://osvdb.org/76326 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5001 https://exchange.xforce.ibmcloud.com/vulnerabilities/70547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 3%CPEs: 33EXPL: 0

The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. El kernel de iOS de Apple anterior a la v5 y Apple TV anterior a v4.4 no recuperan correctamente memoria asignada para conexiones TCP incompletas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos), mediante un un elevado número de intentos de conexión. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5001 http://www.securityfocus.com/bid/50087 https://exchange.xforce.ibmcloud.com/vulnerabilities/70530 • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 3%CPEs: 38EXPL: 0

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. Wi-Fi de Apple iOS antes de v4.3 y Apple TV antes de v4.2 no lleva a cabo todas comprobación de límites para los marcos de Wi-Fi, lo que permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de tráfico sin especificar en la red inalámbrica local. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 http://www.securityfocus.com/bid/46813 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/65998 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. La funcionalidad de configuración automática de direcciones sin estado (también conocido como SLAAC) en la aplicación de redes IPv6 en Apple iOS antes de v4.3 y Apple TV antes de v4.2 los lugares situan la dirección MAC en la dirección IPv6, lo cual lo hace más fácil para los servidores remotos IPv6 rastrear a los usuarios por el registro fuente de direcciones IPv6. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4565 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •