CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4585
https://notcve.org/view.php?id=CVE-2016-4585
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. Vulnerabilidad de XSS en la implementación de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una respuesta HTTP especificando redirección que Safari no maneja correctamente. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4583
https://notcve.org/view.php?id=CVE-2016-4583
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos eludir la Same Origin Policy y obtener la fecha de imagen de un sitio web no intencionado a través de un ataque de sincronización que implica un documento SVG. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4605
https://notcve.org/view.php?id=CVE-2016-4605
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. Calendar en Apple iOS en versiones anteriores a la 9.3.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y reinicio de dispositivo) a través de una invitación manipulada. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://www.securityfocus.com/bid/91825 http://www.securitytracker.com/id/1036344 https://support.apple.com/HT206902 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4591
https://notcve.org/view.php?id=CVE-2016-4591
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localización, lo que permite a atacantes remotos acceder al sistema de archivos local a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/&# • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4603
https://notcve.org/view.php?id=CVE-2016-4603
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. Web Media en Apple iOS en versiones anteriores a 9.3.3 permite a atacantes eludir el mecanismo de protección Private Browsing y obtener información sensible de URL de vídeo aprovechando el mal comportamiento de Safari View Controller. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://www.securityfocus.com/bid/91825 http://www.securitytracker.com/id/1036344 https://support.apple.com/HT206902 • CWE-254: 7PK - Security Features •