CVE-2018-4088
https://notcve.org/view.php?id=CVE-2018-4088
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• http://www.securityfocus.com/bid/102775
• http://www.securitytracker.com/id/1040265
• http://www.securitytracker.com/id/1040266
• http://www.securitytracker.com/id/1040267
• https://support.apple.com/HT208462
• https://support.apple.com/HT208463
• https://support.apple.com/HT208464
• https://support.apple.com/HT208465
• https://support.apple.com/HT208473
• https://support.apple.com/HT208474
• https://support.apple.com/HT208475
• https://usn.ubuntu.com/3551-1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4089 – WebKit - 'detachWrapper' Use-After-Free
https://notcve.org/view.php?id=CVE-2018-4089
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• https://www.exploit-db.com/exploits/43937
• http://www.securityfocus.com/bid/102778
• http://www.securitytracker.com/id/1040265
• http://www.securitytracker.com/id/1040266
• http://www.securitytracker.com/id/1040267
• https://support.apple.com/HT208462
• https://support.apple.com/HT208463
• https://support.apple.com/HT208465
• https://support.apple.com/HT208475
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4096
https://notcve.org/view.php?id=CVE-2018-4096
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• http://www.securityfocus.com/bid/102775
• http://www.securitytracker.com/id/1040265
• http://www.securitytracker.com/id/1040266
• http://www.securitytracker.com/id/1040267
• https://support.apple.com/HT208462
• https://support.apple.com/HT208463
• https://support.apple.com/HT208464
• https://support.apple.com/HT208465
• https://support.apple.com/HT208473
• https://support.apple.com/HT208474
• https://support.apple.com/HT208475
• https://usn.ubuntu.com/3551-1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7160 – Apple Safari FTL JIT Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7160
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• https://support.apple.com/HT208324
• https://support.apple.com/HT208326
• https://support.apple.com/HT208327
• https://support.apple.com/HT208328
• https://support.apple.com/HT208334
• https://usn.ubuntu.com/3551-1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17821
https://notcve.org/view.php?id=CVE-2017-17821
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.
• https://bugs.webkit.org/show_bug.cgi?id=181020
• https://github.com/dwfault/PoCs/blob/master/WebKit%20Misuse%20of%20WTF:wtf:FastBitVector%20result%20in%20potential%20BOF/WebKit%20Misuse%20of%20WTF:wtf:FastBitVector%20result%20in%20potential%20BOF.md
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer