CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 2CVE-2016-1807 – Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
https://notcve.org/view.php?id=CVE-2016-1807
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. Condición de carrera en el subsistema Disk Images en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores no especificados. • https://www.exploit-db.com/exploits/39929 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137395/OS-X-iOS-Kernel-IOHDIXControllerUserClient-Use-After-Free.html http://www.securityfocus.com/bid/90694 http://www.securitytr • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 2CVE-2016-1833 – libxml2: Heap-based buffer overread in htmlCurrentChar
https://notcve.org/view.php?id=CVE-2016-1833
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función htmlCurrentChar en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 0CVE-2016-1811
https://notcve.org/view.php?id=CVE-2016-1811
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. ImageIO en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULO) a través de una imagen manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90694 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206564 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https:// • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 2CVE-2016-1839 – libxml2 - xmlDictAddString Heap Buffer Overread
https://notcve.org/view.php?id=CVE-2016-1839
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlDictAddString en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • https://www.exploit-db.com/exploits/39491 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1802
https://notcve.org/view.php?id=CVE-2016-1802
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. CCCrypt en CommonCrypto en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1 no maneja correctamente los valores de retorno durante los cálculos de longitud de clave, lo que permite a atacantes obtener información sensible a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90694 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206564 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •