CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2016-1755 – Apple Mac OSX Kernel - AppleKeyStore Use-After-Free
https://notcve.org/view.php?id=CVE-2016-1755
22 Mar 2016 — The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. El kernel en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes ejecutar código arbitrario en un contexto pri... • https://packetstorm.news/files/id/136356 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1756 – Apple Security Advisory 2016-03-21-5
https://notcve.org/view.php?id=CVE-2016-1756
22 Mar 2016 — The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3 y OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar cógido arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. OS X El Capitan 10.11.4 and Security Update 20... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 5CVE-2016-1757 – Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution
https://notcve.org/view.php?id=CVE-2016-1757
22 Mar 2016 — Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. Condición de carrera en el kernel en Apple iOS en versiones anteriores a 9.3 y OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar cógido arbitrario en un contexto privilegiado a través de una app manipulada. The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first ... • https://packetstorm.news/files/id/136351 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1758 – Apple Security Advisory 2016-03-21-5
https://notcve.org/view.php?id=CVE-2016-1758
22 Mar 2016 — The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3 y OS X en versiones anteriores a 10.11.4 permite a atacantes obtener información sensible de la estructura de memoria o causar una denegación de servicio (lectura fuera de rango) a través de una app manipulada. OS X El Capitan 10.11.4 and Security Update 2016-002 is n... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1760 – Apple Security Advisory 2016-03-21-1
https://notcve.org/view.php?id=CVE-2016-1760
22 Mar 2016 — The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. La API XPC Services en LaunchServices en Apple iOS en versiones anteriores a 9.3 permite a atacantes eludir las restricciones destinadas al manejador de eventos y modificar un events de app arbitrario a través de una app manipulada. iOS 9.3 is now available and addresses code execution, memory corruption, and various other vulne... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 42%CPEs: 3EXPL: 0CVE-2016-1761 – Apple OS X XML Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1761
22 Mar 2016 — libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. libxml2 en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4 y watchOS en versiones anteriores a 2.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. This vulnerability al... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 31EXPL: 1CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
22 Mar 2016 — The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlNextChar en libxml2 en versiones anteriores a 2.9.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1763 – Apple Security Advisory 2016-03-21-1
https://notcve.org/view.php?id=CVE-2016-1763
22 Mar 2016 — Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. Messages en Apple iOS en versiones anteriores a 9.3 no asegura que se aplique una acción de autorelleno al hilo del mensaje previsto, lo que permite a usuarios remotos autenticados obtener información sensible proporcionando un sms manipulado: URL y lleyendo un hilo. iOS ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2016-1766 – Apple iOS MDM Profile Signing Bypass
https://notcve.org/view.php?id=CVE-2016-1766
22 Mar 2016 — The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. El componente Profiles en Apple iOS en versiones anteriores a 9.3 no valida certificados correctamente, lo que permite a atacantes suplantar una relación de confianza de perfil MDM a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. Us... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html •
CVSS: 9.3EPSS: 8%CPEs: 4EXPL: 0CVE-2016-1775 – Apple OS X TTF bdat Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1775
22 Mar 2016 — TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. TrueTypeScaler en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria... • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •