CVE-2016-4763
https://notcve.org/view.php?id=CVE-2016-4763
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. WKWebView en WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 no verifica correctamente certificados X.509 desde servidores HTTPS, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93066 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https://support.apple.com/HT207158 • CWE-310: Cryptographic Issues •
CVE-2016-4760
https://notcve.org/view.php?id=CVE-2016-4760
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos llevar a cabo ataques de revinculación DNS contra sesiones no HTTP de Safari aprovechando el soporte HTTP/0.9. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93066 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https://support.apple.com/HT207158 • CWE-284: Improper Access Control •
CVE-2016-4623
https://notcve.org/view.php?id=CVE-2016-4623
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2, y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4589, CVE-2016-4622 y CVE-2016-4624. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4651
https://notcve.org/view.php?id=CVE-2016-4651
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. Vulnerabilidad de XSS en el WebKit JavaScript bindings en Apple iOS en versiones anteriores a 9.3.3 y Safari en versiones anteriores a 9.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una respuesta HTTP/0.9 manipulada, relacionado con una vulnerabilidad "cross-protocol cross-site scripteng (XPXSS)". • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91835 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https://support.apple.com/HT206902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4624
https://notcve.org/view.php?id=CVE-2016-4624
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4589, CVE-2016-4622 y CVE-2016-4623. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •