Page 219 of 3279 results (0.018 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

14 Sep 2016 — Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Mail en Apple iOS en versiones anteriores a 10 no maneja adecuadamente certificados, lo que facilita a atacantes man-in-the-middle descubrir credenciales de correo a través de vectores no especificados. iOS 10 is now available and addresses network blocking, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0

14 Sep 2016 — Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. Apple iOS en versiones anteriores a 10, cuando se utiliza Handoff para Messages, no asegura que ha ocurrido un registro en Messages antes de mostrar mensajes, lo que podría permitir a atacantes obtener información sensible a través de vectores no especificados. iOS 10 is now available and a... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

14 Sep 2016 — The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. El componente Assets en Apple iOS en versiones anteriores a 10 permite a atacantes man-in-the-middle bloquear actualizaciones de software a través de vectores relacionados con falta de una sesión HTTPS para la recuperación de actualizaciones. iOS 10 is now available and addresses network blocking, information disclosure, and various ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-254: 7PK - Security Features •

CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 2

25 Aug 2016 — The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities... • https://packetstorm.news/files/id/148041 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 68%CPEs: 1EXPL: 7

25 Aug 2016 — WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious websit... • https://packetstorm.news/files/id/148041 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 15%CPEs: 2EXPL: 4

25 Aug 2016 — The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes obtener información sensible de la memoria a través de una aplicación manipulada. iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities. The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. • https://packetstorm.news/files/id/148041 •

CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0

23 Jul 2016 — Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

20 Jul 2016 — The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0

19 Jul 2016 — ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. ImageIO en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores no especificados. OS X El Capitan ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

19 Jul 2016 — WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2, y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrup... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •