CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4707 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4707
20 Sep 2016 — CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente la eliminación de Local Storage, lo que permite a usuarios locales descubrir los sitios web visitados por usuarios arbitrarios a través de vectores no especificados. A large number of security issues were... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 4%CPEs: 4EXPL: 0CVE-2016-4708 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4708
20 Sep 2016 — CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. CFNetwork en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no analiza correctamente la gramática de la cabecera Set-Cookie, lo que permite a atacantes remotos obtener información sensible a trav... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4711 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4711
20 Sep 2016 — CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. Crypt en corecrypto en CommonCrypto en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes descubrir información en texto plano aprovechando una llamada a una función que especifica el mismo búfer para entrada y salida. The iOS 10 advisory has been u... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4712 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4712
20 Sep 2016 — CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. CoreCrypto en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario o provocar una denegación de servicio (escritura fuera de rango) a través de una app manipulad... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2016-4718 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4718
20 Sep 2016 — Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. Desbordamiento de búfer en FontParser en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria a través de una fuente de arch... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 2%CPEs: 2EXPL: 0CVE-2016-4722 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4722
20 Sep 2016 — The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. El componente IDS - Connectivity en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes man-in-the-middle llevar a cabo ataques de suplantación Call Relay y provocar una denegación de servicio a través de vectores no especificados. The iOS 10 advisory has bee... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4724 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4724
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero NULL) a través a de una app manipulada. The iOS 10 advisory has be... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4725 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4725
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria o provocar... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4726 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4726
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4727 – Apple OS X IOThunderboltFamily Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4727
20 Sep 2016 — IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOThunderboltFamily en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •