CVE-2016-1742
https://notcve.org/view.php?id=CVE-2016-1742
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en el instalador en Apple iTunes en versiones anteriores a 12.4 permite a usuarios locales obtener privilegios a través de un Troyano DLL en el directorio de trabajo actual. • http://lists.apple.com/archives/security-announce/2016/May/msg00006.html http://www.securitytracker.com/id/1035887 https://support.apple.com/HT206379 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7017
https://notcve.org/view.php?id=CVE-2015-7017
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. CoreText en Apple iOS en versiones anteriores 9.1, OS X anteriores a 10.11.1 y iTunes en versiones a 12.3.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a tavés de un archivo de fuente manipulado, una vulnerabilidad diferente a CVE-2015-6975 y CVE-2015-6992. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205372 https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7002
https://notcve.org/view.php?id=CVE-2015-7002
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a los CVEs WebKit listados en APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3 y APPLE-SA-2015-10-21-5. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/77267 http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205372 https://support.apple.com/HT205377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7011
https://notcve.org/view.php?id=CVE-2015-7011
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a los CVEs WebKit listados en APPLE-SA-2015-10-21-3 y APPLE-SA-2015-10-21-5. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html http://www.securityfocus.com/bid/77264 http://www.securitytracker.com/id/1033939 https://support.apple.com/HT205372 https://support.apple.com/HT205377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7012
https://notcve.org/view.php?id=CVE-2015-7012
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a los CVEs WebKit listados en APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3 y APPLE-SA-2015-10-21-5. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html http://www.securityfocus.com/bid/77267 http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205372 https://support.apple.com/HT205377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •