CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4680 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4680
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra... • http://www.securityfocus.com/bid/93854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 10%CPEs: 4EXPL: 0CVE-2016-4702 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4702
20 Sep 2016 — Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Audio en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 4%CPEs: 4EXPL: 0CVE-2016-4708 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4708
20 Sep 2016 — CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. CFNetwork en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no analiza correctamente la gramática de la cabecera Set-Cookie, lo que permite a atacantes remotos obtener información sensible a trav... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4712 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4712
20 Sep 2016 — CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. CoreCrypto en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario o provocar una denegación de servicio (escritura fuera de rango) a través de una app manipulad... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2016-4718 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4718
20 Sep 2016 — Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. Desbordamiento de búfer en FontParser en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria a través de una fuente de arch... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4725 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4725
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria o provocar... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4726 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4726
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4737 – Apple Security Advisory 2016-09-20-2
https://notcve.org/view.php?id=CVE-2016-4737
20 Sep 2016 — WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2016-4738 – Ubuntu Security Notice USN-3271-1
https://notcve.org/view.php?id=CVE-2016-4738
20 Sep 2016 — libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. libxslt en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4753 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4753
20 Sep 2016 — Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no maneja correctamente imágenes de disco indicado, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación ma... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •