NotCVE - vendor:"Apple" product:"Mac Os X" version:"10.10.4"

Page 218 of 1538 results (0.013 seconds)

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1

CVE-2016-4630

https://notcve.org/view.php?id=CVE-2016-4630

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression. ImageIO en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una imagen EXR manipulada con compresión B44. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://www.talosintelligence.com/reports/TALOS-2016-0181 https://github.com/openexr/openexr/issues/563 https://support.apple.com/HT206903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4648 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2016-4648

Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel o provocar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the DspFuncLib extension. The issue lies in the failure to properly handle error conditions leading to a dangling pointer being reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://www.zerodayinitiative.com/advisories/ZDI-16-496 https://support.apple.com/HT206903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4638 – Apple OS X WindowServer _XSetApplicationBindingsForWorkspaces Type Confusion Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2016-4638

Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." Login Window en Apple OS X en versiones anteriores a 10.11.6 permite a atacantes obtener privilegios a través de una aplicación manipulada que aprovecha una "confusión de tipo". This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CoreGraphics. By interacting with _XSetApplicationBindingsForWorkspaces, an attacker can cause a type confusion condition. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-4635

https://notcve.org/view.php?id=CVE-2016-4635

FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. FaceTime en Apple iOS en versiones anteriores a 9.3.3 y OS X en versiones anteriores a 10.11.6 permite a atacantes man-in-the-middle suplantar la retransmisión de llamada y obtener información de audio sensible en circunstancias oportunistas, a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://www.securityfocus.com/bid/91829 http://www.securitytracker.com/id/1036344 http://www.securitytracker.com/id/1037086 https://support.apple.com/HT206902 https://support.apple.com/HT206903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-4634

https://notcve.org/view.php?id=CVE-2016-4634

The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. El subsistema Graphics Drivers en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1...216 217 218 219 220