CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4594
https://notcve.org/view.php?id=CVE-2016-4594
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call. El componente Sandbox Profiles en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes acceder a la lista de procesos a través de una aplicación manipulada que hace una llamada API. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://www.securityfocus.com/bid/91834 http://www.securitytracker.com/id/1036344 https://support.apple.com/HT206902 https://support.apple.com/HT206903 https://support.apple.com/HT206904 https:// • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4597
https://notcve.org/view.php?id=CVE-2016-4597
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602. QuickTime en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una imagen de mapa de bits FlashPix manipulada, una vulnerabilidad diferente a CVE-2016-4596, CVE-2016-4600 y CVE-2016-4602. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 95%CPEs: 1EXPL: 0CVE-2014-9862
https://notcve.org/view.php?id=CVE-2014-9862
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. Error de entero sin signo en bspatch.c en bspatch en bsdiff, como se utiliza en Apple OS X en versiones anteriores a 10.11.6 y otros productos, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) a través de un archivo de revisión manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html http://seclists.org/fulldisclosure/2020/Jul/8 http://www.openwall.com/lists/oss-security/2020/07/09/2 http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036438 https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998 https://bugs.chromium.org/p/chromium/issues/detail?id=372525 https:// • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2016-1863 – Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
https://notcve.org/view.php?id=CVE-2016-1863
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4582 y CVE-2016-4653. The Mac OS X kernel suffers from a use-after-free vulnerability. in IOBluetoothFamily.kext. • https://www.exploit-db.com/exploits/40652 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://www.securityfocus.com/bid/91828 http://www.securitytracker.com/id/1036344 https://support.apple.com/HT206902 https://support.apple.com/HT206903 https • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-4598
https://notcve.org/view.php?id=CVE-2016-4598
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image. QuickTime en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una imagen manipulada. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •