CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4611
https://notcve.org/view.php?id=CVE-2016-4611
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10 y tvOS en versiones anteriores a 10 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad distinta de CVE-2016-4730, CVE-2016-4733, CVE-2016-4734 y CVE-2016-4735. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93057 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4763
https://notcve.org/view.php?id=CVE-2016-4763
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. WKWebView en WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 no verifica correctamente certificados X.509 desde servidores HTTPS, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93066 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https://support.apple.com/HT207158 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4767
https://notcve.org/view.php?id=CVE-2016-4767
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4759, CVE-2016-4765, CVE-2016-4766 y CVE-2016-4768. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93067 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4728
https://notcve.org/view.php?id=CVE-2016-4728
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 maneja incorrectamente prototipos de error, lo que permite a atacantes remotos ejecutar un código arbitrario a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93064 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https:// • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4751
https://notcve.org/view.php?id=CVE-2016-4751
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. El componente Safari Tabs en Apple Safari en versiones anteriores a 10 permite a atacantes remotos suplantar la barra de dirección de una pestaña a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://www.securityfocus.com/bid/93058 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207157 • CWE-254: 7PK - Security Features •