Page 156 of 2869 results (0.019 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

01 Jul 2015 — Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-201... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

01 Jul 2015 — AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. AppleThunderboltEDMService en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de comandos Thunderbolt no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary co... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

01 Jul 2015 — Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors. Admin Framework en Apple OS X anterior a 10.10.4 no maneja correctamente los errores de autenticación, lo que permite a usuarios locales obtener privilegios de la administración a través de vectores no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code executi... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

01 Jul 2015 — Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-201... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

01 Jul 2015 — Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. Apple OS X anterior a 10.10.4 no considera correctamente las reglas de recursos personalizadas durante la verificación de firmas de aplicaciones, lo que permite a atacantes evadir las restricciones de lanzamiento a través de una aplicación modificada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-254: 7PK - Security Features •

CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 0

01 Jul 2015 — TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. TrueTypeScaler en FontParser en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad di... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 2%CPEs: 61EXPL: 1

09 Jun 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. Desbordamiento de enteros en la función ftp_genlist en ext/ftp/ftp.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permite a servidores FTP remotos ejecutar código arbitrario a través de una contestación larga a un comando LI... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 9.8EPSS: 33%CPEs: 65EXPL: 1

09 Jun 2015 — Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos ca... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •

CVSS: 9.8EPSS: 4%CPEs: 59EXPL: 1

09 Jun 2015 — The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. La función phar_parse_metadata en ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos causar una denegación de servicio (corrupción de metadatos de la memoria dinámica) o posibl... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 2%CPEs: 61EXPL: 0

09 Jun 2015 — PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 tr... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-19: Data Processing Errors CWE-626: Null Byte Interaction Error (Poison Null Byte) •