CVSS: 9.8EPSS: 9%CPEs: 7EXPL: 0CVE-2016-4615 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4615
19 Jul 2016 — libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. libxml2 en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4648 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4648
19 Jul 2016 — Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel o provocar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerab... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 94%CPEs: 1EXPL: 0CVE-2014-9862 – Ubuntu Security Notice USN-4500-1
https://notcve.org/view.php?id=CVE-2014-9862
19 Jul 2016 — Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. Error de entero sin signo en bspatch.c en bspatch en bsdiff, como se utiliza en Apple OS X en versiones anteriores a 10.11.6 y otros productos, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffe... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2016-4625 – Apple macOS 10.12 - 'task_t' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4625
19 Jul 2016 — Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Vulnerabilidad de uso después de liberación de memoria en IOSurface en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios a través vectores no especificados. OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities. • https://packetstorm.news/files/id/139354 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1860
https://notcve.org/view.php?id=CVE-2016-1860
19 Jun 2016 — Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. Intel Graphics Driver en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes obtener información sensible de la estructura de memoria del kernel a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2016-1862. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1862
https://notcve.org/view.php?id=CVE-2016-1862
19 Jun 2016 — Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. Intel Graphics Driver en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes obtener información sensible de la estructura del kernel a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2016-1860. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2016-1861 – Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1861
09 Jun 2016 — The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. El subsistema NVIDIA Graphics Drivers en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vu... • https://packetstorm.news/files/id/137394 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1791 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1791
17 May 2016 — The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. El subsistema de AMD en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes obtener información sensible de la estructura de memoria del kernel a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •