CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1851
https://notcve.org/view.php?id=CVE-2016-1851
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. La función Screen Locken Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente perfiles de contraseña, lo que permite a atacantes físicamente próximos restablecer contraseñas caducadas en el estado de bloqueo de pantalla a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2016-1821 – Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine
https://notcve.org/view.php?id=CVE-2016-1821
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOAudioFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero NULO) a través de una app manipulada. • https://www.exploit-db.com/exploits/39926 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://bugs.chromium.org/p/project-zero/issues/detail?id=776 https://support.apple.com/HT206567 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1820 – Apple OS X AppleHDA Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1820
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de buffer en IOAudioFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleHDA kernel extension. The issue lies in the failure to validate a user-supplied size prior to copying data into a kernel buffer. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 http://www.zerodayinitiative.com/advisories/ZDI-16-347 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1822
https://notcve.org/view.php?id=CVE-2016-1822
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOFireWireFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1846 – Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext
https://notcve.org/view.php?id=CVE-2016-1846
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app. El método nvCommandQueue::GetHandleIndex en el subsistema NVIDIA Graphics Drivers en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a un puntero NULL y corrupción de memoria) a través de una app manipulada. • https://www.exploit-db.com/exploits/39920 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137403/OS-X-GeForce.kext-NULL-Pointer-Dereference.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://bugs.chromium.org/p/project-zero/issues/detail?id=784 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •