CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4715
https://notcve.org/view.php?id=CVE-2016-4715
25 Sep 2016 — The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. El componente Date & Time Pref Pane en Apple OS X en versiones anteriores a 10.12 no maneja correctamente el archivo .GlobalPreferences, lo que permite a atacantes descubrir la localización de usuarios a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4748
https://notcve.org/view.php?id=CVE-2016-4748
25 Sep 2016 — Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. Perl en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales eludir el mecanismo de protección a través de un entorno variable manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4723
https://notcve.org/view.php?id=CVE-2016-4723
25 Sep 2016 — Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Intel Graphics Driver en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-4736 – Apple Security Advisory 2017-10-31-2
https://notcve.org/view.php?id=CVE-2016-4736
25 Sep 2016 — libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. libarchive en Apple OS X en versiones anteriores a 10.12 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o tener otros posibles impactos no especificados a través de un archivo manipulado. macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now availa... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4779
https://notcve.org/view.php?id=CVE-2016-4779
25 Sep 2016 — Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.12 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo fuente manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4713
https://notcve.org/view.php?id=CVE-2016-4713
25 Sep 2016 — CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. CoreDisplay en Apple OS X en versiones anteriores a 10.12 permite a atacantes ver pantallas arbitrarias de usuarios aprovechando el acceso de compartir pantalla. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4745
https://notcve.org/view.php?id=CVE-2016-4745
25 Sep 2016 — The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. El módulo PAM de Kerberos 5 (también conocido como krb5) en Apple OS X en versiones anteriores a 10.12 no utiliza operaciones de tiempo constante para determinar la validación de nombre de usuario, lo que facilita a atacantes remotos enumerar cuentas de usuario a través ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4706
https://notcve.org/view.php?id=CVE-2016-4706
25 Sep 2016 — cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. cd9660 en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4701
https://notcve.org/view.php?id=CVE-2016-4701
25 Sep 2016 — Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. Application Firewall en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores relacionados con un entorno variable SO_EXECPATH manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4752
https://notcve.org/view.php?id=CVE-2016-4752
25 Sep 2016 — The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. La función SecKeyDeriveFromPassword en Apple OS X en versiones anteriores a 10.12 no utiliza la palabra clave CF_RETURNS_RETAINED, lo que permite a atacantes obtener información sensible desde el proceso de memoria desencadenando la obtención de clave. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •