CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1801 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1801
17 May 2016 — The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors. El subsistema proxy CFNetwork en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y tvOS en versiones anteriores a 9.2.1 no maneja correctamente URLs en peticiones http y https, lo que permite a atacantes remotos obtener información sensible a tr... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1802 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1802
17 May 2016 — CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. CCCrypt en CommonCrypto en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 no maneja correctamente los valores de retorno durante los cálculos de longi... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 3CVE-2016-1803 – Apple OS X IOKit CoreCaptureResponder Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1803
17 May 2016 — CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. CoeCapture en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una de... • https://packetstorm.news/files/id/137399 • CWE-476: NULL Pointer Dereference •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 3CVE-2016-1807 – Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
https://notcve.org/view.php?id=CVE-2016-1807
17 May 2016 — Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. Condición de carrera en el subsistema Disk Images en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a usuarios locales obtener información sensible de la memo... • https://packetstorm.news/files/id/137395 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 0CVE-2016-1811 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1811
17 May 2016 — ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. ImageIO en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULO) a través de una imagen manipulada. OS X El Capit... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 3CVE-2016-1813 – Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource
https://notcve.org/view.php?id=CVE-2016-1813
17 May 2016 — The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. El método IOAccelSharedUserClient2::page_off_resource en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 perm... • https://packetstorm.news/files/id/137400 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1814 – Apple Security Advisory 2016-05-16-4
https://notcve.org/view.php?id=CVE-2016-1814
17 May 2016 — IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y tvOS en versiones anteriores a 9.2.1 permite a atacantes causar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. OS X El Capitan 10.11.5 and Security Update 2016-003 is now available an... • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 3CVE-2016-1819 – Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2
https://notcve.org/view.php?id=CVE-2016-1819
17 May 2016 — Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. Vulnerabilidad de uso después de liberación de memoria en el método IOAccelContext2::clientMemoryForType en Apple iOS en versiones anteriores... • https://packetstorm.news/files/id/137396 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 3CVE-2016-1823 – Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type
https://notcve.org/view.php?id=CVE-2016-1823
17 May 2016 — The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824. La función IOHIDDevice::handleReportWithTime en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriore... • https://packetstorm.news/files/id/137397 • CWE-125: Out-of-bounds Read •