Page 12 of 96 results (0.014 seconds)

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. Open Directory de Apple Mac OS X v10.7 antes de v10.7.2, cuando un servidor LDAPv3 se utiliza con el RFC 2307 o asignaciones personalizadas, permite a atacantes remotos evitar el requisito de contraseña mediante el aprovechamiento de la falta de un atributo AuthenticationAuthority de una cuenta de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76371 http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 93%CPEs: 99EXPL: 1

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Apple Safari anterior a v5.1.1 en Mac OS X no aplica una política destinada a archivo: URLs, que permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado. Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code. • https://www.exploit-db.com/exploits/17986 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76389 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50162 https://exchange.xforce.ibmcloud.com/vulnerabilities/70567 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. La característica de navegación privada en Apple Safari antes de v5.1.1 en Mac OS X no reconoce adecuadamente el valor "Always" de la caracteristica "Block Cookies", lo que hace más sencillo para servidores remotos localizar a usuarios a través de una cookie. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76391 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70569 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 1%CPEs: 136EXPL: 0

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. libsecurity en Apple Mac OS X antes de v10.7.2 no controla correctamente los errores durante el procesamiento de una extensión no estándar en la lista de certificados revocados (CRL), lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un (1) sitio web o (2) mensaje de correo electrónico manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0

Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. Error de signo entero en Apple Type Services (ATS) en Apple Mac OS X c10.7 antes c10.7.2 permite a atacantes remotos ejecutar código de su elección a través de una fuente de tipo 1 modificada, incrustada en un documento. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76356 http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 https://exchange.xforce.ibmcloud.com/vulnerabilities/70571 • CWE-189: Numeric Errors •