Page 23 of 130 results (0.008 seconds)

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. La API strptime en Libsystem en Apple Mac OS X anteriores a v10.5.6, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación o agotamiento de memoria) o ejecutar código a su elección a través de una cadena de código de fecha manipulada, relacionada con la localización errónea de memoria • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32881 http://www.securitytracker.com/id?1021406 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0

Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. Multiples desbordamientos de entero en el kernel de Apple Mac OS X anteriores a v10.5.6 en plataformas Intel permite a usuarios locales ganar privilegios a través de una llamada manipulada a (1) i386_set_ldt or (2) i386_get_ldt. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32879 http://www.securitytracker.com/id?1021403 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 12%CPEs: 14EXPL: 0

Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32876 http://www.securitytracker.com/id?1021399 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0

Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. Podcast Producer en Apple Mac OS X v10.5 anterior a v10.5.6 permite a atacantes remotos evitar la autenticación y conseguir acceso de administrador a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32870 http://www.securitytracker.com/id?1021409 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0

UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. UDF en Apple Mac OS X anterior a v10.5.6, permite a atacantes asistidos por el usuario local provocar una denegación del servicio (caída del sistema) a través de un volumen UDF mal formado en un fichero ISO manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32872 http://www.securitytracker.com/id?1021410 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-20: Improper Input Validation •