CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4660 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4660
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriore... • http://www.securityfocus.com/bid/93849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4664 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4664
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra el c... • http://www.securityfocus.com/bid/93854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4611 – Apple Security Advisory 2016-09-20-2
https://notcve.org/view.php?id=CVE-2016-4611
20 Sep 2016 — WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10 y tvOS en versiones anteriores a 10 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupc... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4753 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4753
20 Sep 2016 — Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no maneja correctamente imágenes de disco indicado, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación ma... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4726 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4726
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4767 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4767
20 Sep 2016 — WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4733 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4733
20 Sep 2016 — WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10 y tvOS en versiones anteriores a 10 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupc... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4707 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4707
20 Sep 2016 — CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente la eliminación de Local Storage, lo que permite a usuarios locales descubrir los sitios web visitados por usuarios arbitrarios a través de vectores no especificados. A large number of security issues were... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4776 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4776
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes obtener información de estructura de memor... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4760 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4760
20 Sep 2016 — WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos llevar a cabo ataques de revinculación DNS contra sesiones no HTTP de Safari aprovechando el soporte HTTP/0.9. A large number of security ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-284: Improper Access Control •