CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 2CVE-2016-1839 – libxml2 - xmlDictAddString Heap Buffer Overread
https://notcve.org/view.php?id=CVE-2016-1839
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlDictAddString en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • https://www.exploit-db.com/exploits/39491 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1817 – Apple OS X IOAcceleratorFamily2 Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1817
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819. IOAcceleratorFamily en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1818 y CVE-2016-1819. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IOAcceleratorFamily2 interface. The issue lies in the failure to ensure that a user-supplied size is within the bounds of the allocated buffer. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90694 http://www.securitytracker.com/id/1035890 http://www.zerodayinitiative.com/advisories/ZDI-16-340 https://support.apple.com/HT206564 https://support.apple.com/H • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2016-1803 – Apple OS X IOKit CoreCaptureResponder Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1803
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. CoeCapture en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within CoreCaptureResponder in IOKit. The issue lies with the failure to validate user-supplied arguments which can cause a null pointer dereference. • https://www.exploit-db.com/exploits/39925 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137399/OS-X-CoreCaptureResponder-NULL-Pointer-Dereference.html http://www.securityfocus.com/bid/90694 http://www.securitytracker.com&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2016-1813 – Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource
https://notcve.org/view.php?id=CVE-2016-1813
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. El método IOAccelSharedUserClient2::page_off_resource en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. • https://www.exploit-db.com/exploits/39924 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137400/OS-X-IOAccelSharedUserClient2-page_off_resource-NULL-Pointer-Dereference.html http://www.securityfocus.com/bid/90694 http:// • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2016-1819 – Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2
https://notcve.org/view.php?id=CVE-2016-1819
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. Vulnerabilidad de uso después de liberación de memoria en el método IOAccelContext2::clientMemoryForType en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1817 y CVE-2016-1818. The OS X kernel suffers from a use-after-free vulnerability due to bad locking in IOAcceleratorFamily2. • https://www.exploit-db.com/exploits/39928 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137396/OS-X-Kernel-Use-After-Free-From-IOAcceleratorFamily2-Bad-Locking.html http://www.securityfocus.com/bid/90694 http://www • CWE-416: Use After Free •