CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4715
https://notcve.org/view.php?id=CVE-2016-4715
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. El componente Date & Time Pref Pane en Apple OS X en versiones anteriores a 10.12 no maneja correctamente el archivo .GlobalPreferences, lo que permite a atacantes descubrir la localización de usuarios a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4722
https://notcve.org/view.php?id=CVE-2016-4722
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. El componente IDS - Connectivity en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes man-in-the-middle llevar a cabo ataques de suplantación Call Relay y provocar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/93056 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207143 https://support.apple.com/HT207170 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4707
https://notcve.org/view.php?id=CVE-2016-4707
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente la eliminación de Local Storage, lo que permite a usuarios locales descubrir los sitios web visitados por usuarios arbitrarios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/93056 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207143 https://support.apple.com/HT207170 • CWE-19: Data Processing Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4698
https://notcve.org/view.php?id=CVE-2016-4698
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. AppleMobileFileIntegrity en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 no maneja correctamente el proceso de autorización y los valores Team ID en la política de herencia de puerto de tareas, lo que permite a atacantes remotos ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/93056 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207143 https://support.apple.com/HT207170 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4711
https://notcve.org/view.php?id=CVE-2016-4711
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. Crypt en corecrypto en CommonCrypto en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes descubrir información en texto plano aprovechando una llamada a una función que especifica el mismo búfer para entrada y salida. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/93056 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207143 https://support.apple.com/HT207170 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •