CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4723
https://notcve.org/view.php?id=CVE-2016-4723
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Intel Graphics Driver en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4716
https://notcve.org/view.php?id=CVE-2016-4716
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. diskutil en DiskArbitration en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4739
https://notcve.org/view.php?id=CVE-2016-4739
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. mDNSResponder en Apple OS X en versiones anteriores a 10.12, cuando se usa VMnet.framework, ordena que un proxy DNS sea escuchado en todas las interfaces, lo que permite a atacantes remotos obtener información sensible enviando una consulta DNS a una interfaz involuntaria. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4709 – Apple OS X WindowServer _XSetPerUserConfigurationData Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4709
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. WindowServer en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales obtener acceso de root a través de vectores que desencadenan una "confusión de tipo", una vulnerabilidad diferente a CVE-2016-4710. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a type confusion condition. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 http://www.zerodayinitiative.com/advisories/ZDI-16-609 https://support.apple.com/HT207170 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4717
https://notcve.org/view.php?id=CVE-2016-4717
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. El componente File Bookmark en Apple SO X en versiones anteriores a 10.12 no maneja correctamente descriptores de archivos de marcadores de ámbito, lo que permite a atacantes provocar una denegación de servicio a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 •