CVSS: 8.1EPSS: 0%CPEs: 31EXPL: 1CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlNextChar en libxml2 en versiones anteriores a 2.9.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1754
https://notcve.org/view.php?id=CVE-2016-1754
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. El kernel en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1755. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 https://support.apple.com/HT206169 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2016-1734
https://notcve.org/view.php?id=CVE-2016-1734
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. AppleUSBNetworking en Apple iOS en versiones anteriores a 9.3 y OS X en versiones anteriores a 10.11.4 permite a atacantes físicamente próximos ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de un dispositivo USB manipulado. • https://github.com/Manouchehri/CVE-2016-1734 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1753 – Apple OS X IOGeneralMemoryDescriptor Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1753
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples desbordamientos de entero en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGeneralMemoryDescriptor interface. The issue lies in the failure to test user-supplied input for integer overflow. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 http://www.zerodayinitiative.com/advisories/ZDI-16-207 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1747 – Apple OS X IOGraphicsFamily Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1747
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. IOGraphics en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1746. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGraphicsFamily interface. The issue lies failure to validate user-supplied function addresses prior to using them. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 http://www.zerodayinitiative.com/advisories/ZDI-16-205 https://support.apple.com/HT206167 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •