CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2016-1840 – libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
https://notcve.org/view.php?id=CVE-2016-1840
17 May 2016 — Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Desbordamiento del buffer basado en memoria dinámica en la función xmlFAParsePosCharGroup en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1842 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1842
17 May 2016 — MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. MapKit en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y watchOS en versiones anteriores a 2.2.1 no utiliza HTTPS para los enlaces compartidos, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de tráfico HTTP. OS ... • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1843 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1843
17 May 2016 — The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente Messages en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente el nombre de archivo de codificación, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP fla... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1844 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1844
17 May 2016 — The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. El componente Messages en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente cambios en las rotaciones, lo que permite a atacantes remotos modificar listas de contactos a través de vectores no especificados. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leaka... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2016-1846 – Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
https://notcve.org/view.php?id=CVE-2016-1846
17 May 2016 — The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. El método nvCommandQueue::GetHandleIndex en el subsistema NVIDIA Graphics Drivers en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de serv... • https://packetstorm.news/files/id/137403 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 1CVE-2016-1848 – Apple QuickTime - '.mov' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1848
17 May 2016 — QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. QuickTime en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo manipulado. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various ot... • https://www.exploit-db.com/exploits/39839 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1850 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1850
17 May 2016 — SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. SceneKit en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo manipulado. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various othe... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1851 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1851
17 May 2016 — The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. La función Screen Locken Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente perfiles de contraseña, lo que permite a atacantes físicamente próximos restablecer contraseñas caducadas en el estado de bloqueo de pantalla a través de vectores no especificados. OS X El Capitan 10.11.5 and Secur... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1853 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1853
17 May 2016 — Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. Tcl en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes remotos obtener información sensible aprovechando soporte SSLv2. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1792 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1792
17 May 2016 — The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema de AMD en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execu... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •