CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2016-1720 – Apple Mac OSX - io_service_close Use-After-Free
https://notcve.org/view.php?id=CVE-2016-1720
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. IOKit en Apple iOS en versiones anteriores a 9.2.1, OS X en versiones anteriores a 10.11.3 y tvOS en versiones anteriores a 9.1.1 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. It turns out that the spoofed no-more-senders notification bug when applied to iokit objects was actually just a more complicated way to hit ::clientClose in parallel. You can in fact do this very simply by calling IOServiceClose on two threads. Like the spoofed notifications this leads to many bugs in many userclients, the exact nature of which depends on the semantics of the clientClose implementation. • https://www.exploit-db.com/exploits/39367 http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://packetstormsecurity.com/files/135435/IOKit-Methods-Being-Called-Without-Locks-From-IOServiceClose.html http://www.securitytracker.com/id/1034736 https://code.go • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1717
https://notcve.org/view.php?id=CVE-2016-1717
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. El componente Disk Images en Apple iOS en versiones anteriores a 9.2.1, OS X en versiones anteriores a 10.11.3 y tvOS en versiones anteriores a 9.1.1 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://www.securitytracker.com/id/1034736 https://support.apple.com/HT205729 https://support.apple.com/HT205731 https://support.apple.com/HT205732 https://support.apple.com/HT206168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2015-8659
https://notcve.org/view.php?id=CVE-2015-8659
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. El manejo de flujo de datos en reposo en nghttp2 en versiones anteriores a 1.6.0 permite atacantes tener un impacto no especificado a través de vectores desconocidos, también conocido como error de uso después de liberación de memoria dinámica. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html http://www.openwall.com/lists/oss-security/2015&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-7116
https://notcve.org/view.php?id=CVE-2015-7116
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. libxml2 en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2 y tvOS en versiones anteriores a 9.1 permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-7115. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-7115
https://notcve.org/view.php?id=CVE-2015-7115
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. libxml2 en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2 y tvOS en versiones anteriores a 9.1 permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-7116. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •