CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1824
https://notcve.org/view.php?id=CVE-2016-1824
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823. IOHIDFamily en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1823. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90691 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206564 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 1CVE-2016-1837 – libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
https://notcve.org/view.php?id=CVE-2016-1837
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Múltiples vulnerabilidades de uso después de liberación de memoria en las funciones (1) htmlPArsePubidLiteral y (2) htmlParseSystemiteral en libxml2 en versiones anteriores a 2.9.4, como se utilizan en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permiten a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1832
https://notcve.org/view.php?id=CVE-2016-1832
libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. libc en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90691 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206564 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1808 – Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1808
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El subsistema Disk Images en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHDIXController interface. The issue lies with the failure to validate user-supplied function addresses prior to using them. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90694 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206564 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1841
https://notcve.org/view.php?id=CVE-2016-1841
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. libxslt, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90691 http://www.securitytracker.com/id/1035890 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •