CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4700 – Apple OS X AppleUpstreamUserClient Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4700
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. AppleUUC en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad distinta de CVE-2016-4699. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AppleUpstreamUserClient kernel extension. The issue lies in the failure to validate the size of a buffer prior to accessing it. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4727 – Apple OS X IOThunderboltFamily Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4727
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOThunderboltFamily en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOThunderboltFamily kext. The issue lies in the failure to properly initialize memory prior to accessing it. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4650 – Apple OS X IOHIDFamily Heap Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4650
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Desbordamiento de búfer basado en memoria dinámica en IOHIDFamily en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y tvOS en versiones anteriores a 9.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHIDFamily kernel extension. The issue lies in the failure to validate a supplied length value causing a heap buffer overflow. • http://www.securityfocus.com/bid/92034 http://www.securitytracker.com/id/1036348 http://www.zerodayinitiative.com/advisories/ZDI-16-494 https://support.apple.com/en-in/HT206564 https://support.apple.com/en-in/HT206568 https://support.apple.com/en-us/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la función range-to XPointer. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/m • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-4625 – Apple macOS 10.12 - 'task_t' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4625
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Vulnerabilidad de uso después de liberación de memoria en IOSurface en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios a través vectores no especificados. Mac OS X and iOS kernels suffer from a use-after-free vulnerability in IOSurface. • https://www.exploit-db.com/exploits/40669 https://www.exploit-db.com/exploits/40653 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-416: Use After Free •