NotCVE - vendor:"Apple" product:"Mac Os X" version:" <= 10.11.0"

Page 106 of 2935 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4710 – Apple OS X WindowServer _XSetPreferencesForWorkspaces Type Confusion Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2016-4710

25 Sep 2016 — WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. WindowServer en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener acceso de root a través de vectores que desencadenan una "confusión de tipo", una vulnerabilidad diferente a CVE-2016-4709. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4713

https://notcve.org/view.php?id=CVE-2016-4713

25 Sep 2016 — CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. CoreDisplay en Apple OS X en versiones anteriores a 10.12 permite a atacantes ver pantallas arbitrarias de usuarios aprovechando el acceso de compartir pantalla. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4715

https://notcve.org/view.php?id=CVE-2016-4715

25 Sep 2016 — The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. El componente Date & Time Pref Pane en Apple OS X en versiones anteriores a 10.12 no maneja correctamente el archivo .GlobalPreferences, lo que permite a atacantes descubrir la localización de usuarios a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4716

https://notcve.org/view.php?id=CVE-2016-4716

25 Sep 2016 — diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. diskutil en DiskArbitration en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4717

https://notcve.org/view.php?id=CVE-2016-4717

25 Sep 2016 — The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. El componente File Bookmark en Apple SO X en versiones anteriores a 10.12 no maneja correctamente descriptores de archivos de marcadores de ámbito, lo que permite a atacantes provocar una denegación de servicio a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4723

https://notcve.org/view.php?id=CVE-2016-4723

25 Sep 2016 — Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Intel Graphics Driver en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4736 – Apple Security Advisory 2017-10-31-2

https://notcve.org/view.php?id=CVE-2016-4736

25 Sep 2016 — libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. libarchive en Apple OS X en versiones anteriores a 10.12 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o tener otros posibles impactos no especificados a través de un archivo manipulado. macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now availa... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4739

https://notcve.org/view.php?id=CVE-2016-4739

25 Sep 2016 — mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. mDNSResponder en Apple OS X en versiones anteriores a 10.12, cuando se usa VMnet.framework, ordena que un proxy DNS sea escuchado en todas las interfaces, lo que permite a atacantes remotos obtener información sensible enviando una consulta DNS a una interfaz involuntaria. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4742

https://notcve.org/view.php?id=CVE-2016-4742

25 Sep 2016 — NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. NSSecureTextField en Apple OS X en versiones anteriores a 10.12 no habilita Secure Input, lo que permite a atacantes descubrir credenciales a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4745

https://notcve.org/view.php?id=CVE-2016-4745

25 Sep 2016 — The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. El módulo PAM de Kerberos 5 (también conocido como krb5) en Apple OS X en versiones anteriores a 10.12 no utiliza operaciones de tiempo constante para determinar la validación de nombre de usuario, lo que facilita a atacantes remotos enumerar cuentas de usuario a través ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1...104 105 106 107 108