CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4635 – Apple Security Advisory 2016-07-18-2
https://notcve.org/view.php?id=CVE-2016-4635
19 Jul 2016 — FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. FaceTime en Apple iOS en versiones anteriores a 9.3.3 y OS X en versiones anteriores a 10.11.6 permite a atacantes man-in-the-middle suplantar la retransmisión de llamada y obtener información de audio sensible en circunstancias oportunistas, a través de vectores no especificados. OS X ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 1CVE-2016-4637 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4637
19 Jul 2016 — CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image. CoreGraphics en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4638 – Apple OS X WindowServer _XSetApplicationBindingsForWorkspaces Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4638
19 Jul 2016 — Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." Login Window en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes obtener privilegios a través de una aplicación manipulada que aprovecha una "confusión de tipo". This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a m... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4639 – Apple OS X WindowServer Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4639
19 Jul 2016 — Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors. Login Window en Apple OS X en versiones anteriores a 10.11.6 no inicializa correctamente la memoria, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to e... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4640 – Apple OS X WindowServer _XRegisterCursorWithData Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4640
19 Jul 2016 — Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. Login Window en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes ejecutar código arbitrario en un contexto privilegiado, obtener información sensible de usuario, o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. This vulnerability a... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4641 – Apple OS X WindowServer Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4641
19 Jul 2016 — Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." Login Window en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes ejecutar código arbitrario en un contexto privilegiado u obtener información sensible de usuario a través de una aplicación manipulada que aprovecha una "confusión de tipo". This vulnerability allows local attackers to execute arbit... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4645 – Apple Security Advisory 2016-07-18-1
https://notcve.org/view.php?id=CVE-2016-4645
19 Jul 2016 — CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. CFNetwok en Apple OS X en versiones anteriores a 10.11.6 utiliza permisos débiles para cookies de navegador web, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclo... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4646 – Apple OS X ACMP4AACBaseDecoder Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-4646
19 Jul 2016 — Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. Audio en Apple OS X en versiones anteriores a 10.11.6 no maneja correctamente un valor de tamaño, lo que permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (lectura fuera de rango) a través de una archivo de audio manipulado. This vulnerability allows remote attackers t... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4647 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4647
19 Jul 2016 — Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de un archivo manipulado. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4648 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4648
19 Jul 2016 — Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel o provocar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerab... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •