CVSS: 9.8EPSS: 6%CPEs: 21EXPL: 1CVE-2016-3141 – php: Use after free in WDDX Deserialize when processing XML data
https://notcve.org/view.php?id=CVE-2016-3141
31 Mar 2016 — Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. Vulnerabilidad de uso después de liberación de memoria en wddx.c en la extensión WDDX en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacante... • https://github.com/peternguyen93/CVE-2016-3141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 8.2EPSS: 11%CPEs: 21EXPL: 0CVE-2016-3142 – php: Out-of-bounds read in phar_parse_zipfile()
https://notcve.org/view.php?id=CVE-2016-3142
31 Mar 2016 — The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. La función phar_parse_zipfile en zip.c en la extensión PHAR en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos obtener información sensible ... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1788
https://notcve.org/view.php?id=CVE-2016-1788
24 Mar 2016 — Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. Messages en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4 y watchOS en versiones anteriores a 2.2 no implementa correctamente un mecanismo de protección criptográfico, lo que permite a atacantes remotos leer contenidos adjuntos de lo... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1759
https://notcve.org/view.php?id=CVE-2016-1759
24 Mar 2016 — The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1764
https://notcve.org/view.php?id=CVE-2016-1764
24 Mar 2016 — The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. La implementación de Content Security Policy (CSP) en Mensajes en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos obtener información sensibles a través de una URL javascript:. • https://github.com/moloch--/cve-2016-1764 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1773
https://notcve.org/view.php?id=CVE-2016-1773
24 Mar 2016 — The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. El subsistema de firmado de código en Apple OS X en versiones anteriores a 10.11.4 no verifica correctamente el propietario del archivo, lo que permite a usuarios locales determinar la existencia de archivos arbitrarios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1745
https://notcve.org/view.php?id=CVE-2016-1745
24 Mar 2016 — IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. IOFireWireFamily in Apple OS X en versiones anteriores a 10.11.4 permite a usuarios locales causar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1770
https://notcve.org/view.php?id=CVE-2016-1770
24 Mar 2016 — The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. El componente Reminders en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes eludir un requisito destinado a la confirmación de usuario y desencadenar una acción de llamada a través de una URL tel:. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 24%CPEs: 1EXPL: 1CVE-2016-1767 – Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1767
24 Mar 2016 — QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de una imagen FlashPix manipulada, una vulnerabilidad diferente a CVE-2016-1768. • https://www.exploit-db.com/exploits/39633 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 24%CPEs: 1EXPL: 1CVE-2016-1768 – Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1768
24 Mar 2016 — QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de una imagen FlashPix manipulada, una vulnerabilidad diferente a CVE-2016-1767. • https://www.exploit-db.com/exploits/39634 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •