CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4584
https://notcve.org/view.php?id=CVE-2016-4584
19 Jul 2016 — The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. La implementación de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.1EPSS: 3%CPEs: 5EXPL: 0CVE-2016-4583
https://notcve.org/view.php?id=CVE-2016-4583
19 Jul 2016 — WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos eludir la Same Origin Policy y obtener la fecha de imagen de un sitio web no intencionado a través de un ataque de sincron... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 3%CPEs: 4EXPL: 0CVE-2016-4585
https://notcve.org/view.php?id=CVE-2016-4585
19 Jul 2016 — Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. Vulnerabilidad de XSS en la implementación de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos inye... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4587
https://notcve.org/view.php?id=CVE-2016-4587
19 Jul 2016 — WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. WebKit en Apple iOS en versiones anteriores a 9.3.3 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos obtener información sensible de procesos de memoria no inicializados a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2016-4591
https://notcve.org/view.php?id=CVE-2016-4591
19 Jul 2016 — WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localización, lo que permite a atacantes remotos acceder al sistema de archivos local a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1865
https://notcve.org/view.php?id=CVE-2016-1865
19 Jul 2016 — The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2016-1863 – Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
https://notcve.org/view.php?id=CVE-2016-1863
19 Jul 2016 — The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar ... • https://www.exploit-db.com/exploits/40652 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4594
https://notcve.org/view.php?id=CVE-2016-4594
19 Jul 2016 — The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call. El componente Sandbox Profiles en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes acceder a la lista de procesos a través de una aplicación manipulada que hace una llama... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 9EXPL: 0CVE-2016-4607
https://notcve.org/view.php?id=CVE-2016-4607
19 Jul 2016 — libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones a ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4582
https://notcve.org/view.php?id=CVE-2016-4582
19 Jul 2016 — The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •