CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4728 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4728
20 Sep 2016 — WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 maneja incorrectamente prototipos de error, lo que permite a atacantes remotos ejecutar un código arbitrario a través de un siti... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4778 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4778
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupció... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4765 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4765
20 Sep 2016 — WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4737 – Apple Security Advisory 2016-09-20-2
https://notcve.org/view.php?id=CVE-2016-4737
20 Sep 2016 — WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4774 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4774
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes obtener información sensible de estructura... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4719 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4719
14 Sep 2016 — The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. El componente GeoServices en Apple iOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no restringe adecuadamente los accesos a información PlaceData, lo que permite a atacantes descubrir ubicaciones físicas a través de una aplicación manipulada. iOS 10 is now available and address... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4749 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4749
14 Sep 2016 — Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. Printing UIKit en Apple iOS en versiones anteriores a 10 no maneja adecuadamente variables de entorno, lo que permite a usuarios locales descubrir la vista previa del contenido AirPrint en texto plano mediante la lectura de un archivo temporal. iOS 10 is now available and addresses network blocking, information disclosure, and various ot... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4746 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4746
14 Sep 2016 — The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. El componente Keyboards en Apple iOS en versiones anteriores a 10 no utiliza adecuadamente una caché para sugerencias de autocorrección, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando una corrección no intencion... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4620 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4620
14 Sep 2016 — The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. El componente Sandbox Profiles en Apple iOS en versiones anteriores a 10 no restringe adecuadamente el acceso a los metadatos del directorio para directorios de borradores de SMS, lo que permite a atacantes descubrir receptores de mensajes de texto a través de una aplicación manipulada. iOS 10 is... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4747 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4747
14 Sep 2016 — Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Mail en Apple iOS en versiones anteriores a 10 no maneja adecuadamente certificados, lo que facilita a atacantes man-in-the-middle descubrir credenciales de correo a través de vectores no especificados. iOS 10 is now available and addresses network blocking, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •