Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 80 of 157
CVE-2016-1805 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
CWE-284: CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1828 | HIGH | CVSS 7.8 | PoC | fixed in 10.11.5 | 2016-05-20
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
nvd
CVE-2015-8865 | HIGH | CVSS 7.3 | ≤ 10.11.4 | 2016-05-20
CWE-119: The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted
nvd
CVE-2016-1810 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
CWE-119: The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1825 | HIGH | CVSS 7.8 | PoC | ≤ 10.11.4 | 2016-05-20
CWE-119: IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1809 | HIGH | CVSS 7.5 | ≤ 10.11.4 | 2016-05-20
Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors.
nvd
CVE-2016-1820 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
CWE-119: Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1841 | HIGH | CVSS 8.8 | fixed in 10.11.5 | 2016-05-20
CWE-119: libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-1823 | HIGH | CVSS 7.8 | PoC | fixed in 10.11.5 | 2016-05-20
CWE-125: The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a differ
nvd
CVE-2016-1800 | HIGH | CVSS 8.8 | ≤ 10.11.4 | 2016-05-20
CWE-20: Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2016-1834 | HIGH | CVSS 7.8 | fixed in 10.11.5 | 2016-05-20
CWE-119: Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvd
CVE-2016-1803 | HIGH | CVSS 7.8 | PoC | fixed in 10.11.5 | 2016-05-20
CWE-476: CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-1830 | HIGH | CVSS 7.8 | fixed in 10.11.5 | 2016-05-20
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.
nvd
CVE-2016-1793 | HIGH | CVSS 7.8 | PoC | ≤ 10.11.4 | 2016-05-20
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-1842 | HIGH | CVSS 7.5 | ≤ 10.11.4 | 2016-05-20
CWE-284: MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
nvd
CVE-2016-1832 | HIGH | CVSS 7.8 | fixed in 10.11.5 | 2016-05-20
CWE-119: libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1812 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
CWE-119: Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1792 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
CWE-119: The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1817 | HIGH | CVSS 7.8 | fixed in 10.11.5 | 2016-05-20
CWE-119: IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
nvd
CVE-2016-1795 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
CWE-119: AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd