CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4716
https://notcve.org/view.php?id=CVE-2016-4716
25 Sep 2016 — diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. diskutil en DiskArbitration en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4755
https://notcve.org/view.php?id=CVE-2016-4755
25 Sep 2016 — Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. Terminal en Apple OS X en versiones anteriores a 10.12 usa permisos débiles para los archivos .bash_history y .bash_session, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4696
https://notcve.org/view.php?id=CVE-2016-4696
25 Sep 2016 — AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. AppleEFIRuntime en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero NULL) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4715
https://notcve.org/view.php?id=CVE-2016-4715
25 Sep 2016 — The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. El componente Date & Time Pref Pane en Apple OS X en versiones anteriores a 10.12 no maneja correctamente el archivo .GlobalPreferences, lo que permite a atacantes descubrir la localización de usuarios a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4779
https://notcve.org/view.php?id=CVE-2016-4779
25 Sep 2016 — Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.12 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo fuente manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4713
https://notcve.org/view.php?id=CVE-2016-4713
25 Sep 2016 — CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. CoreDisplay en Apple OS X en versiones anteriores a 10.12 permite a atacantes ver pantallas arbitrarias de usuarios aprovechando el acceso de compartir pantalla. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4742
https://notcve.org/view.php?id=CVE-2016-4742
25 Sep 2016 — NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. NSSecureTextField en Apple OS X en versiones anteriores a 10.12 no habilita Secure Input, lo que permite a atacantes descubrir credenciales a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4739
https://notcve.org/view.php?id=CVE-2016-4739
25 Sep 2016 — mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. mDNSResponder en Apple OS X en versiones anteriores a 10.12, cuando se usa VMnet.framework, ordena que un proxy DNS sea escuchado en todas las interfaces, lo que permite a atacantes remotos obtener información sensible enviando una consulta DNS a una interfaz involuntaria. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4703
https://notcve.org/view.php?id=CVE-2016-4703
25 Sep 2016 — Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Bluetooth en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4701
https://notcve.org/view.php?id=CVE-2016-4701
25 Sep 2016 — Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. Application Firewall en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores relacionados con un entorno variable SO_EXECPATH manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •