CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4665 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4665
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra el c... • http://www.securityfocus.com/bid/93854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 4CVE-2016-4669 – Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety s
https://notcve.org/view.php?id=CVE-2016-4669
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versione... • https://packetstorm.news/files/id/158874 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4673 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4673
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriore... • http://www.securityfocus.com/bid/93849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4686 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4686
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. El problema involucra el componente "Contacts", que no previene el acceso de aplicaciones a Address Book después de la revocación de acceso. iOS 10.1 is now available and addresses information leaks, co... • http://www.securityfocus.com/bid/93848 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4680 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4680
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra... • http://www.securityfocus.com/bid/93854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4776 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4776
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes obtener información de estructura de memor... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4760 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4760
20 Sep 2016 — WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos llevar a cabo ataques de revinculación DNS contra sesiones no HTTP de Safari aprovechando el soporte HTTP/0.9. A large number of security ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4768 – Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4768
20 Sep 2016 — WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 0CVE-2016-4658 – libxml2: Use after free via namespace node in XPointer ranges
https://notcve.org/view.php?id=CVE-2016-4658
20 Sep 2016 — xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. xpointer.c en libxml2, en versiones anteriores a la 2.9.5 (tal y como se usa en Apple iOS en versiones anteriores a la 10, OS X en versiones anteriores a la 10.12,... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4722 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4722
20 Sep 2016 — The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. El componente IDS - Connectivity en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes man-in-the-middle llevar a cabo ataques de suplantación Call Relay y provocar una denegación de servicio a través de vectores no especificados. The iOS 10 advisory has bee... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •