CVE-2016-1728
https://notcve.org/view.php?id=CVE-2016-1728
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. La implementación Cascading Style Sheets (CSS) en Apple iOS en versiones anteriores a 9.2.1 y Safari en versiones anteriores a 9.0.3 no maneja adecuadamente el selector "a:visited button" durante un alto procesamiento, lo que hace que sea más fácil para atacantes remotos obtener información sensible del historial del navegador a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00004.html http://packetstormsecurity.com/files/136227/WebKitGTK-Memory-Corruption-Denial-Of-Service.html http://www.securityfocus.com/archive/1/537771/100/0/threaded http://www.securityfocus.com/bid/81263 http://www.securitytracker.com/id/1034737 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT205730 https://support.apple.com/HT205732 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1723
https://notcve.org/view.php?id=CVE-2016-1723
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.2.1 y Safari en versiones anteriores a 9.0.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-1725 y CVE-2016-1726. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00004.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://packetstormsecurity.com/files/136227/WebKitGTK-Memory-Corruption-Denial-Of-Service.html http://www.securityfocus.com/archive/1/537771/100/0/threaded http://www.securityfocus.com/bid/81263 http://www.securitytracker.com/id/1034737 https://security.gentoo.org/glsa/201706-15 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1724
https://notcve.org/view.php?id=CVE-2016-1724
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.2.1, Safari en versiones anteriores a 9.0.3 y tvOS en versiones anteriores a 9.1.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-1727. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00004.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://packetstormsecurity.com/files/136227/WebKitGTK-Memory-Corruption-Denial-Of-Service.html http://www.securityfocus.com/archive/1/537771/100/0/threaded http://www.securityfocus.com/bid/81263 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1727
https://notcve.org/view.php?id=CVE-2016-1727
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.2.1, Safari en versiones anteriores a 9.0.3 y tvOS en versiones anteriores a 9.1.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-1724. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00004.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://packetstormsecurity.com/files/136227/WebKitGTK-Memory-Corruption-Denial-Of-Service.html http://www.securityfocus.com/archive/1/537771/100/0/threaded http://www.securityfocus.com/bid/81263 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7093
https://notcve.org/view.php?id=CVE-2015-7093
Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. Safari en Apple iOS en versiones anteriores a 9.2 permite a atacantes remotos suplantar una URL en la interfaz de usuario a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://www.securitytracker.com/id/1034348 https://support.apple.com/HT205635 • CWE-20: Improper Input Validation •