CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1816
https://notcve.org/view.php?id=CVE-2016-1816
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. IOAcceleratorFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1842
https://notcve.org/view.php?id=CVE-2016-1842
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. MapKit en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y watchOS en versiones anteriores a 2.2.1 no utiliza HTTPS para los enlaces compartidos, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de tráfico HTTP. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https://support.apple.com/HT206568 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1831
https://notcve.org/view.php?id=CVE-2016-1831
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.2 y OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206567 https://support.apple.com/HT206568 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0CVE-2016-1835 – libxml2: Heap use-after-free in xmlSAX2AttributeNs
https://notcve.org/view.php?id=CVE-2016-1835
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. Vulnerabilidad de uso después de liberación de memoria en la función xmlSAX2AttributeNs en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2 y OS X en versiones anteriores a 10.11.5, permite a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1817 – Apple OS X IOAcceleratorFamily2 Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1817
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819. IOAcceleratorFamily en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1818 y CVE-2016-1819. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IOAcceleratorFamily2 interface. The issue lies in the failure to ensure that a user-supplied size is within the bounds of the allocated buffer. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90694 http://www.securitytracker.com/id/1035890 http://www.zerodayinitiative.com/advisories/ZDI-16-340 https://support.apple.com/HT206564 https://support.apple.com/H • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •