CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 2CVE-2016-1861 – Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1861
09 Jun 2016 — The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846. El subsistema NVIDIA Graphics Drivers en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vu... • https://packetstorm.news/files/id/137394 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 12%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 1%CPEs: 26EXPL: 1CVE-2016-0718 – expat: Out-of-bounds heap read on crafted input causing crash
https://notcve.org/view.php?id=CVE-2016-0718
18 May 2016 — Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento de entrada mal formado, lo que desencadena un desbordamiento de buffer. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker c... • https://packetstorm.news/files/id/141350 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 30EXPL: 1CVE-2016-1840 – libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
https://notcve.org/view.php?id=CVE-2016-1840
17 May 2016 — Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Desbordamiento del buffer basado en memoria dinámica en la función xmlFAParsePosCharGroup en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1841 – Ubuntu Security Notice USN-3271-1
https://notcve.org/view.php?id=CVE-2016-1841
17 May 2016 — libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. libxslt, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servic... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1842 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1842
17 May 2016 — MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. MapKit en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y watchOS en versiones anteriores a 2.2.1 no utiliza HTTPS para los enlaces compartidos, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de tráfico HTTP. OS ... • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1843 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1843
17 May 2016 — The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente Messages en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente el nombre de archivo de codificación, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP fla... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1844 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1844
17 May 2016 — The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. El componente Messages en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente cambios en las rotaciones, lo que permite a atacantes remotos modificar listas de contactos a través de vectores no especificados. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leaka... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 2CVE-2016-1846 – Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
https://notcve.org/view.php?id=CVE-2016-1846
17 May 2016 — The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. El método nvCommandQueue::GetHandleIndex en el subsistema NVIDIA Graphics Drivers en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de serv... • https://packetstorm.news/files/id/137403 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •