CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1797 – Apple OS X fontd Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-1797
17 May 2016 — Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes eludir las restricciones de política de sandbox destinadas a FontValidator y ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows remote attackers to execu... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1798 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1798
17 May 2016 — Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. Audio en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes causar una denegación de servicio (referencia a puntero NULO) a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1799 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1799
17 May 2016 — Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Audio en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, informatio... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1800 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1800
17 May 2016 — Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. Captive Network Assistant en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente un esquema de URL personalizado, lo que permite a atacantes remotos asistidos por un usuario ejecutar código arbitrario a través de vectores no especificados. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1801 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1801
17 May 2016 — The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors. El subsistema proxy CFNetwork en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y tvOS en versiones anteriores a 9.2.1 no maneja correctamente URLs en peticiones http y https, lo que permite a atacantes remotos obtener información sensible a tr... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1802 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1802
17 May 2016 — CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. CCCrypt en CommonCrypto en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 no maneja correctamente los valores de retorno durante los cálculos de longi... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 3CVE-2016-1803 – Apple OS X IOKit CoreCaptureResponder Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1803
17 May 2016 — CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. CoeCapture en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una de... • https://packetstorm.news/files/id/137399 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1804 – Apple OS X WindowServer Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1804
17 May 2016 — The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema Multi-Touch de Apple en OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnera... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1805 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1805
17 May 2016 — CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. CoeStoage en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1806 – Apple OS X SubmitDiagInfo Arbitrary Directory Creation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1806
17 May 2016 — Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Crash Reporter en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious ... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •