CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4752
https://notcve.org/view.php?id=CVE-2016-4752
25 Sep 2016 — The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. La función SecKeyDeriveFromPassword en Apple OS X en versiones anteriores a 10.12 no utiliza la palabra clave CF_RETURNS_RETAINED, lo que permite a atacantes obtener información sensible desde el proceso de memoria desencadenando la obtención de clave. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4709 – Apple OS X WindowServer _XSetPerUserConfigurationData Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4709
25 Sep 2016 — WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. WindowServer en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener acceso de root a través de vectores que desencadenan una "confusión de tipo", una vulnerabilidad diferente a CVE-2016-4710. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4710 – Apple OS X WindowServer _XSetPreferencesForWorkspaces Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4710
25 Sep 2016 — WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. WindowServer en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener acceso de root a través de vectores que desencadenan una "confusión de tipo", una vulnerabilidad diferente a CVE-2016-4709. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4717
https://notcve.org/view.php?id=CVE-2016-4717
25 Sep 2016 — The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. El componente File Bookmark en Apple SO X en versiones anteriores a 10.12 no maneja correctamente descriptores de archivos de marcadores de ámbito, lo que permite a atacantes provocar una denegación de servicio a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4748
https://notcve.org/view.php?id=CVE-2016-4748
25 Sep 2016 — Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. Perl en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales eludir el mecanismo de protección a través de un entorno variable manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4723
https://notcve.org/view.php?id=CVE-2016-4723
25 Sep 2016 — Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Intel Graphics Driver en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-4736 – Apple Security Advisory 2017-10-31-2
https://notcve.org/view.php?id=CVE-2016-4736
25 Sep 2016 — libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. libarchive en Apple OS X en versiones anteriores a 10.12 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o tener otros posibles impactos no especificados a través de un archivo manipulado. macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now availa... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4753 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4753
20 Sep 2016 — Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no maneja correctamente imágenes de disco indicado, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación ma... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4726 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4726
20 Sep 2016 — IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4707 – Ubuntu Security Notice USN-3166-1
https://notcve.org/view.php?id=CVE-2016-4707
20 Sep 2016 — CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente la eliminación de Local Storage, lo que permite a usuarios locales descubrir los sitios web visitados por usuarios arbitrarios a través de vectores no especificados. A large number of security issues were... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •