Page 208 of 2130 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. La función SecKeyDeriveFromPassword en Apple OS X en versiones anteriores a 10.12 no utiliza la palabra clave CF_RETURNS_RETAINED, lo que permite a atacantes obtener información sensible desde el proceso de memoria desencadenando la obtención de clave. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. S2 Camera en Apple iOS en versiones anteriores a 10 y OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/93056 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207143 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. Application Firewall en Apple OS X en versiones anteriores a 10.12 permite a usuarios locales provocar una denegación de servicio a través de vectores relacionados con un entorno variable SO_EXECPATH manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Bluetooth en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access. CoreDisplay en Apple OS X en versiones anteriores a 10.12 permite a atacantes ver pantallas arbitrarias de usuarios aprovechando el acceso de compartir pantalla. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •