CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.openwall.com/lists/oss-security/2016/05/25/2 http://www • CWE-134: Use of Externally-Controlled Format String •
CVE-2016-1848 – Apple QuickTime - '.mov' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1848
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. QuickTime en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo manipulado. • https://www.exploit-db.com/exploits/39839 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://protekresearchlab.com/cosig-2016-19 http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1853
https://notcve.org/view.php?id=CVE-2016-1853
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support. Tcl en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes remotos obtener información sensible aprovechando soporte SSLv2. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1825 – Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1825
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOHIDFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • https://www.exploit-db.com/exploits/44237 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1851
https://notcve.org/view.php?id=CVE-2016-1851
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors. La función Screen Locken Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente perfiles de contraseña, lo que permite a atacantes físicamente próximos restablecer contraseñas caducadas en el estado de bloqueo de pantalla a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 •