CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4771 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4771
20 Sep 2016 — The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. El kernel en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a usuarios locales eludir restricciones destinadas al acceso de archivo a través de un directorio de nombre de ruta manipulado. The iOS 10 advisory has been updated to include additional findings. These relate to code execution and more. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4777 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4777
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4618 – Apple Security Advisory 2016-09-20-2
https://notcve.org/view.php?id=CVE-2016-4618
20 Sep 2016 — Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en Safari Reader en Apple iOS en versiones anteriores a 10 y Safari en versiones anteriores a 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un sitio web manipulado, vulnerabilidad también conocida como "Universal XSS (UXS... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4611 – Apple Security Advisory 2016-09-20-2
https://notcve.org/view.php?id=CVE-2016-4611
20 Sep 2016 — WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10 y tvOS en versiones anteriores a 10 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupc... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4753 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4753
20 Sep 2016 — Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no maneja correctamente imágenes de disco indicado, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación ma... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4726 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4726
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4767 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4767
20 Sep 2016 — WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4733 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4733
20 Sep 2016 — WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10 y tvOS en versiones anteriores a 10 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupc... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4707 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4707
20 Sep 2016 — CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente la eliminación de Local Storage, lo que permite a usuarios locales descubrir los sitios web visitados por usuarios arbitrarios a través de vectores no especificados. A large number of security issues were... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4711 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4711
20 Sep 2016 — CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. Crypt en corecrypto en CommonCrypto en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes descubrir información en texto plano aprovechando una llamada a una función que especifica el mismo búfer para entrada y salida. The iOS 10 advisory has been u... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •