CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4771
https://notcve.org/view.php?id=CVE-2016-4771
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. El kernel en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a usuarios locales eludir restricciones destinadas al acceso de archivo a través de un directorio de nombre de ruta manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/93056 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207143 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4703
https://notcve.org/view.php?id=CVE-2016-4703
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Bluetooth en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4715
https://notcve.org/view.php?id=CVE-2016-4715
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. El componente Date & Time Pref Pane en Apple OS X en versiones anteriores a 10.12 no maneja correctamente el archivo .GlobalPreferences, lo que permite a atacantes descubrir la localización de usuarios a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4745
https://notcve.org/view.php?id=CVE-2016-4745
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. El módulo PAM de Kerberos 5 (también conocido como krb5) en Apple OS X en versiones anteriores a 10.12 no utiliza operaciones de tiempo constante para determinar la validación de nombre de usuario, lo que facilita a atacantes remotos enumerar cuentas de usuario a través de un ataque de sincronización de canal lateral. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4755
https://notcve.org/view.php?id=CVE-2016-4755
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. Terminal en Apple OS X en versiones anteriores a 10.12 usa permisos débiles para los archivos .bash_history y .bash_session, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •