CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4735
https://notcve.org/view.php?id=CVE-2016-4735
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734. WebKit en Apple iOS en versiones anteriores a 10, Safari en versiones anteriores a 10 y tvOS en versiones anteriores a 10 permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4611, CVE-2016-4730, CVE-2016-4733 y CVE-2016-4734. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93057 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4766
https://notcve.org/view.php?id=CVE-2016-4766
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4759, CVE-2016-4765, CVE-2016-4767 y CVE-2016-4768. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93067 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4620
https://notcve.org/view.php?id=CVE-2016-4620
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. El componente Sandbox Profiles en Apple iOS en versiones anteriores a 10 no restringe adecuadamente el acceso a los metadatos del directorio para directorios de borradores de SMS, lo que permite a atacantes descubrir receptores de mensajes de texto a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4746
https://notcve.org/view.php?id=CVE-2016-4746
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. El componente Keyboards en Apple iOS en versiones anteriores a 10 no utiliza adecuadamente una caché para sugerencias de autocorrección, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando una corrección no intencionada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4719
https://notcve.org/view.php?id=CVE-2016-4719
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. El componente GeoServices en Apple iOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no restringe adecuadamente los accesos a información PlaceData, lo que permite a atacantes descubrir ubicaciones físicas a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://www.securityfocus.com/bid/92932 http://www.securityfocus.com/bid/92933 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207141 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •