PT-2026-2974

Mattermost has missing redirect URL validation in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

Apple Mac OS X Multiple Vulnerabilities-01 (Nov 2016)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-1861

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app, a different vulnerability than CVE-2016-1846...

Memory corruption

Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860...

CVE-2016-1846

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference and memory corruption via a crafted app...

CVE-2016-1816

IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via a crafted app...

CVE-2016-1814

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted app...

CVE-2016-1800

Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors...

CVE-2016-1797

Apple Type Services ATS in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app...

Buffer overflow

Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app...

Null pointer dereference

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted image...

CVE-2016-1843

CVE-2016-1843 affects OS X El Capitan prior to 10.11.5. The issue is in the Messages component, where filename encoding is mishandled, allowing remote attackers to obtain sensitive information via unspecified vectors. Apple’s security content for OS X El Capitan v10.11.5 and Security Update 2016-...

CVE-2016-1794

CVE-2016-1794 concerns Apple OS X before 10.11.5, where the AppleGraphicsControlClient::checkArguments check can dereference a NULL pointer in AppleGraphicsControl, allowing an attacker to execute arbitrary code in kernel context or cause a denial of service. Public material confirms kernel‑level...

CVE-2016-1812

CVE-2016-1812 describes a vulnerability in the Intel Graphics Driver on OS X El Capitan (OS X) prior to 10.11.5. A buffer overflow in the driver could allow a crafted application to execute arbitrary code with kernel privileges (privileged context) on the affected system. Documented impact aligns...

CVE-2016-1829

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828,...

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document...

PT-2016-2031

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.4 Apple iOS versions prior to 9.3.2 OS X versions prior to 10.11.5 tvOS versions prior to 9.2.1 watchOS versions prior to 2.2.1 Description The issue is caused by a heap-based buffer overflow in the xmlStrncat...