CVSS: 10.0EPSS: 1%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1841 – Ubuntu Security Notice USN-3271-1
https://notcve.org/view.php?id=CVE-2016-1841
17 May 2016 — libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. libxslt, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servic... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1842 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1842
17 May 2016 — MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. MapKit en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y watchOS en versiones anteriores a 2.2.1 no utiliza HTTPS para los enlaces compartidos, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de tráfico HTTP. OS ... • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1847 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1847
17 May 2016 — OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. OpenGL, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1802 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1802
17 May 2016 — CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. CCCrypt en CommonCrypto en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 no maneja correctamente los valores de retorno durante los cálculos de longi... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 3CVE-2016-1803 – Apple OS X IOKit CoreCaptureResponder Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1803
17 May 2016 — CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. CoeCapture en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una de... • https://packetstorm.news/files/id/137399 • CWE-476: NULL Pointer Dereference •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 3CVE-2016-1807 – Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
https://notcve.org/view.php?id=CVE-2016-1807
17 May 2016 — Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. Condición de carrera en el subsistema Disk Images en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a usuarios locales obtener información sensible de la memo... • https://packetstorm.news/files/id/137395 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1808 – Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1808
17 May 2016 — The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema Disk Images en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privil... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1811 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1811
17 May 2016 — ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. ImageIO en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULO) a través de una imagen manipulada. OS X El Capit... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-476: NULL Pointer Dereference •