CVE-2016-4625 – Apple macOS 10.12 - 'task_t' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4625
22 Jul 2016 — Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Mac OS X and iOS kernels suffer from a use-after-free vulnerability in IOSurface. • https://www.exploit-db.com/exploits/40669 • CWE-416: Use After Free
CVE-2016-4621
https://notcve.org/view.php?id=CVE-2016-4621
22 Jul 2016 — libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4629
https://notcve.org/view.php?id=CVE-2016-4629
22 Jul 2016 — ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4645
https://notcve.org/view.php?id=CVE-2016-4645
22 Jul 2016 — CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4648 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4648
22 Jul 2016 — Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. This vulnerability allows local attackers to execute arbitrary code on vulnerab... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4635
https://notcve.org/view.php?id=CVE-2016-4635
22 Jul 2016 — FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4634
https://notcve.org/view.php?id=CVE-2016-4634
22 Jul 2016 — The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4640 – Apple OS X WindowServer _XRegisterCursorWithData Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4640
22 Jul 2016 — Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. This vulnerability a... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4649
https://notcve.org/view.php?id=CVE-2016-4649
22 Jul 2016 — Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-476: NULL Pointer Dereference
CVE-2016-4638 – Apple OS X WindowServer _XSetApplicationBindingsForWorkspaces Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4638
22 Jul 2016 — Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a m... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls