Security Vulnerabilities - CVEs Published In September 2016
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
CVSS Score
8.8
EPSS Score
0.009
Published
2016-09-25
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
CVSS Score
8.8
EPSS Score
0.01
Published
2016-09-25
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
6.8
EPSS Score
0.002
Published
2016-09-25
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS Score
8.8
EPSS Score
0.007
Published
2016-09-25
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
CVSS Score
6.5
EPSS Score
0.011
Published
2016-09-25
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
CVSS Score
8.8
EPSS Score
0.008
Published
2016-09-25
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
CVSS Score
6.5
EPSS Score
0.01
Published
2016-09-25
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2016-09-25
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.0
Published
2016-09-25
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVSS Score
7.8
EPSS Score
0.004
Published
2016-09-25