Page 19 of 116 results (0.011 seconds)

CVSS: 7.1EPSS: 1%CPEs: 5EXPL: 0

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos provocar una denegación del servicio (consumo de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1856. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ArrayBuffer objects. By triggering certain JavaScript optimizations, an attacker can force an ArrayBuffer in memory to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html http://www.securityfocus.com/archive/1/538522/100/0/threaded http://www.securitytracker.com/id/1035888 http://www.zerodayinitiative.com/advisories/ZDI-16-343 https://support&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1857. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Safari manages the lifetime of TextTrack objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html http://www.securityfocus.com/archive/1/538522/100/0/threaded http://www.securitytracker.com/id/1035888 http://www.zerodayinitiative.com/advisories/ZDI-16-342 https://support&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, no maneja adecuadamente el seguimiento de los atributos taint, lo que permite a atacantes remotos obtener información sensible a través de una página web manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html http://www.securityfocus.com/archive/1/538522/100/0/threaded http://www.securitytracker.com/id/1035888 https://support.apple.com/HT206564 https://support.apple.com/HT206565 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. La implementación WebKit Canvas en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GraphicsContext objects. By manipulating a document's elements an attacker can force this object in memory to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html http://www.securityfocus.com/archive/1/538522/100/0/threaded http://www.securitytracker.com/id/1035888 http://www.zerodayinitiative.com/advisories/ZDI-16-352 https://support&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •