CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4648 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4648
19 Jul 2016 — Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel o provocar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerab... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 94%CPEs: 1EXPL: 0CVE-2014-9862 – Ubuntu Security Notice USN-4500-1
https://notcve.org/view.php?id=CVE-2014-9862
19 Jul 2016 — Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. Error de entero sin signo en bspatch.c en bspatch en bsdiff, como se utiliza en Apple OS X en versiones anteriores a 10.11.6 y otros productos, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffe... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2016-4625 – Apple macOS 10.12 - 'task_t' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4625
19 Jul 2016 — Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Vulnerabilidad de uso después de liberación de memoria en IOSurface en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios a través vectores no especificados. OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities. • https://packetstorm.news/files/id/139354 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2015-7987
https://notcve.org/view.php?id=CVE-2015-7987
26 Jun 2016 — Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function. Múltiples desbordamientos de buffer en mDNSResponder en versiones anteriores a 625.41.2 permiten a atacantes remotos leer o escribir en posiciones de memoria fuera de los límites a través de vectores implicando la función (1) GetValueForIPv4Ad... • http://www.kb.cert.org/vuls/id/143335 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2015-7988
https://notcve.org/view.php?id=CVE-2015-7988
26 Jun 2016 — The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. La función handle_regservice_request en mDNSResponder en versiones anteriores a 625.41.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados. • http://www.kb.cert.org/vuls/id/143335 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1860
https://notcve.org/view.php?id=CVE-2016-1860
19 Jun 2016 — Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. Intel Graphics Driver en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes obtener información sensible de la estructura de memoria del kernel a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2016-1862. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1862
https://notcve.org/view.php?id=CVE-2016-1862
19 Jun 2016 — Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. Intel Graphics Driver en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes obtener información sensible de la estructura del kernel a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2016-1860. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2016-1861 – Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1861
09 Jun 2016 — The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. El subsistema NVIDIA Graphics Drivers en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vu... • https://packetstorm.news/files/id/137394 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •