CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4635 – Apple Security Advisory 2016-07-18-2
https://notcve.org/view.php?id=CVE-2016-4635
19 Jul 2016 — FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. FaceTime en Apple iOS en versiones anteriores a 9.3.3 y OS X en versiones anteriores a 10.11.6 permite a atacantes man-in-the-middle suplantar la retransmisión de llamada y obtener información de audio sensible en circunstancias oportunistas, a través de vectores no especificados. OS X ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4603 – Apple Security Advisory 2016-07-18-2
https://notcve.org/view.php?id=CVE-2016-4603
19 Jul 2016 — Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. Web Media en Apple iOS en versiones anteriores a 9.3.3 permite a atacantes eludir el mecanismo de protección Private Browsing y obtener información sensible de URL de vídeo aprovechando el mal comportamiento de Safari View Controller. iOS 9.3.3 is now available and addresses denial of service, code execution, and... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2016-4609 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4609
19 Jul 2016 — libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones an... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4651 – WebKitGTK+ SOP Bypass / Information Disclosure
https://notcve.org/view.php?id=CVE-2016-4651
19 Jul 2016 — Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. Vulnerabilidad de XSS en el WebKit JavaScript bindings en Apple iOS en versiones anteriores a 9.3.3 y Safari en versiones anteriores a 9.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbit... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.1EPSS: 3%CPEs: 5EXPL: 0CVE-2016-4583 – WebKitGTK+ SOP Bypass / Information Disclosure
https://notcve.org/view.php?id=CVE-2016-4583
19 Jul 2016 — WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos eludir la Same Origin Policy y obtener la fecha de imagen de un sitio web no intencionado a través de un ataque de sincron... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4594 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4594
19 Jul 2016 — The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call. El componente Sandbox Profiles en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes acceder a la lista de procesos a través de una aplicación manipulada que hace una llama... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2016-4591 – WebKitGTK+ SOP Bypass / Information Disclosure
https://notcve.org/view.php?id=CVE-2016-4591
19 Jul 2016 — WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localización, lo que permite a atacantes remotos acceder al sistema de archivos local a través de vectores no especificados. A large number of se... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4582 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4582
19 Jul 2016 — The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4650 – Apple OS X IOHIDFamily Heap Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4650
19 Jul 2016 — Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Desbordamiento de búfer basado en memoria dinámica en IOHIDFamily en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y tvOS en versiones anteriores a 9.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado ... • http://www.securityfocus.com/bid/92034 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2016-4622 – Apple Safari Array.splice Out-Of-Bounds Access Remote Code Execuction Vulnerability
https://notcve.org/view.php?id=CVE-2016-4622
19 Jul 2016 — WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupc... • https://github.com/hdbreaker/WebKit-CVE-2016-4622 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •