CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1800 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1800
17 May 2016 — Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. Captive Network Assistant en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente un esquema de URL personalizado, lo que permite a atacantes remotos asistidos por un usuario ejecutar código arbitrario a través de vectores no especificados. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1804 – Apple OS X WindowServer Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1804
17 May 2016 — The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema Multi-Touch de Apple en OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnera... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1805 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1805
17 May 2016 — CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. CoeStoage en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1806 – Apple OS X SubmitDiagInfo Arbitrary Directory Creation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1806
17 May 2016 — Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Crash Reporter en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious ... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1808 – Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1808
17 May 2016 — The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema Disk Images en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privil... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1810 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1810
17 May 2016 — The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema Graphics Drivers en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available a... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1812 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1812
17 May 2016 — Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other v... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1815 – Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1815
17 May 2016 — IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOAcceleratorFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installatio... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1816 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1816
17 May 2016 — IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOAcceleratorFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresse... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html •
CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 1CVE-2015-8865 – file: Buffer over-write in finfo_open with malformed magic file
https://notcve.org/view.php?id=CVE-2015-8865
28 Apr 2016 — The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. La función file_check_mem en funcs.c en file en versiones anteriores a 5.23, cómo se utiliza en el componente Fileinfo en PHP en versiones anteri... • http://bugs.gw.com/view.php?id=522 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •