CVE-2016-4728
https://notcve.org/view.php?id=CVE-2016-4728
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 maneja incorrectamente prototipos de error, lo que permite a atacantes remotos ejecutar un código arbitrario a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93064 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https:// • CWE-20: Improper Input Validation •
CVE-2016-4768 – Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4768
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4759, CVE-2016-4765, CVE-2016-4766 y CVE-2016-4767. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTMLVideoElement objects. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93067 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4769
https://notcve.org/view.php?id=CVE-2016-4769
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit en Apple iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93062 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207157 https://support.apple.com/HT207158 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4766
https://notcve.org/view.php?id=CVE-2016-4766
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. WebKit en Apple iOS en versiones anteriores a 10, tvOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4759, CVE-2016-4765, CVE-2016-4767 y CVE-2016-4768. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93067 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4616
https://notcve.org/view.php?id=CVE-2016-4616
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619. libxml2 en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4614, CVE-2016-4615 y CVE-2016-4619. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://www.securityfocus.com/bid/91826 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206899 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •