CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4679 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4679
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones ante... • http://www.securityfocus.com/bid/93849 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4667 – Apple Security Advisory 2016-10-24-2
https://notcve.org/view.php?id=CVE-2016-4667
24 Oct 2016 — An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente "ATS". • http://www.securityfocus.com/bid/93852 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4660 – Apple Security Advisory 2016-10-24-1
https://notcve.org/view.php?id=CVE-2016-4660
24 Oct 2016 — An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriore... • http://www.securityfocus.com/bid/93849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4745
https://notcve.org/view.php?id=CVE-2016-4745
25 Sep 2016 — The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. El módulo PAM de Kerberos 5 (también conocido como krb5) en Apple OS X en versiones anteriores a 10.12 no utiliza operaciones de tiempo constante para determinar la validación de nombre de usuario, lo que facilita a atacantes remotos enumerar cuentas de usuario a través ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4706
https://notcve.org/view.php?id=CVE-2016-4706
25 Sep 2016 — cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. cd9660 en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4716
https://notcve.org/view.php?id=CVE-2016-4716
25 Sep 2016 — diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. diskutil en DiskArbitration en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4755
https://notcve.org/view.php?id=CVE-2016-4755
25 Sep 2016 — Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. Terminal en Apple OS X en versiones anteriores a 10.12 usa permisos débiles para los archivos .bash_history y .bash_session, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4696
https://notcve.org/view.php?id=CVE-2016-4696
25 Sep 2016 — AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. AppleEFIRuntime en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4715
https://notcve.org/view.php?id=CVE-2016-4715
25 Sep 2016 — The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. El componente Date & Time Pref Pane en Apple OS X en versiones anteriores a 10.12 no maneja correctamente el archivo .GlobalPreferences, lo que permite a atacantes descubrir la localización de usuarios a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4779
https://notcve.org/view.php?id=CVE-2016-4779
25 Sep 2016 — Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.12 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo fuente manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •