CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4745
https://notcve.org/view.php?id=CVE-2016-4745
25 Sep 2016 — The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. El módulo PAM de Kerberos 5 (también conocido como krb5) en Apple OS X en versiones anteriores a 10.12 no utiliza operaciones de tiempo constante para determinar la validación de nombre de usuario, lo que facilita a atacantes remotos enumerar cuentas de usuario a través ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4706
https://notcve.org/view.php?id=CVE-2016-4706
25 Sep 2016 — cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. cd9660 en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4701
https://notcve.org/view.php?id=CVE-2016-4701
25 Sep 2016 — Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. Application Firewall en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores relacionados con un entorno variable SO_EXECPATH manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4752
https://notcve.org/view.php?id=CVE-2016-4752
25 Sep 2016 — The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. La función SecKeyDeriveFromPassword en Apple OS X en versiones anteriores a 10.12 no utiliza la palabra clave CF_RETURNS_RETAINED, lo que permite a atacantes obtener información sensible desde el proceso de memoria desencadenando la obtención de clave. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4742
https://notcve.org/view.php?id=CVE-2016-4742
25 Sep 2016 — NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. NSSecureTextField en Apple OS X en versiones anteriores a 10.12 no habilita Secure Input, lo que permite a atacantes descubrir credenciales a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4739
https://notcve.org/view.php?id=CVE-2016-4739
25 Sep 2016 — mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. mDNSResponder en Apple OS X en versiones anteriores a 10.12, cuando se usa VMnet.framework, ordena que un proxy DNS sea escuchado en todas las interfaces, lo que permite a atacantes remotos obtener información sensible enviando una consulta DNS a una interfaz involuntaria. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4703
https://notcve.org/view.php?id=CVE-2016-4703
25 Sep 2016 — Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Bluetooth en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4776 – Apple Security Advisory 2016-09-20-5
https://notcve.org/view.php?id=CVE-2016-4776
20 Sep 2016 — The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes obtener información de estructura de memor... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4699 – Apple OS X AudioAUUC Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4699
20 Sep 2016 — AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. AppleUUC en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad distinta de CVE-2016-4700. This vulnerability all... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 0CVE-2016-4658 – libxml2: Use after free via namespace node in XPointer ranges
https://notcve.org/view.php?id=CVE-2016-4658
20 Sep 2016 — xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. xpointer.c en libxml2, en versiones anteriores a la 2.9.5 (tal y como se usa en Apple iOS en versiones anteriores a la 10, OS X en versiones anteriores a la 10.12,... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •