CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4712 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4712
20 Sep 2016 — CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. CoreCrypto en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario o provocar una denegación de servicio (escritura fuera de rango) a través de una app manipulad... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4725 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4725
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria o provocar... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4727 – Apple OS X IOThunderboltFamily Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4727
20 Sep 2016 — IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOThunderboltFamily en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4724 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4724
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero NULL) a través a de una app manipulada. The iOS 10 advisory has be... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4698 – Apple Security Advisory 2016-09-20-3
https://notcve.org/view.php?id=CVE-2016-4698
20 Sep 2016 — AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. AppleMobileFileIntegrity en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente el proceso de autorización y los valores Team ID en la política de herencia de puerto de tareas, lo que permite a atacantes remotos e... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4778 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4778
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupció... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4774 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4774
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes obtener información sensible de estructura... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-4852
https://notcve.org/view.php?id=CVE-2016-4852
12 Sep 2016 — YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence. YoruFukurou (NightOwl) en versiones anteriores a 2.85 confía en soporte para modificadores emoji skin-tone a pesar de que este soporte no se encuentra en CoreText CTFramesetter API en OS X 10.9, lo que permite a atacantes re... • http://jvn.jp/en/jp/JVN94816361/995844/index.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
23 Jul 2016 — Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4653 – Apple OS X IOPMrootDomain Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4653
20 Jul 2016 — The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •