CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4584
https://notcve.org/view.php?id=CVE-2016-4584
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. La implementación de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https://support.apple.com/HT206902 https://support.apple.com/HT206905 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4590
https://notcve.org/view.php?id=CVE-2016-4590
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Webkit en Apple iOS en versiones anteriores a 9.3.3 y Safari en versiones anteriores a 9.1.2 no maneja correctamente about: URLs, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91835 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https://support.apple.com/HT206902 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4591
https://notcve.org/view.php?id=CVE-2016-4591
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localización, lo que permite a atacantes remotos acceder al sistema de archivos local a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-4592
https://notcve.org/view.php?id=CVE-2016-4592
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos provocar una denegación del servicio (consumo de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4585
https://notcve.org/view.php?id=CVE-2016-4585
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. Vulnerabilidad de XSS en la implementación de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una respuesta HTTP especificando redirección que Safari no maneja correctamente. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •