Page 326 of 2413 results (0.015 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. SpotlightIndex en Apple OS X anterior a 10.10.2 no realiza correctamente la deserialización durante el acceso a un caché de permisos, lo que permite a usuarios locales leer los resultados asociados con los ficheros protegidos de otros usuarios a través de una consulta Spotlight. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100529 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. El componente de seguridad en Apple OS X anterior a 10.10.2 no procesa correctamente la información en caché sobre los certificados de aplicaciones, lo que permite a atacantes evadir el mecanismo de protección Gatekeeper mediante el aprovechamiento del acceso a un certificado de identificación Developer revocado a la espera de firmarse una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100525 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. La funcionalidad de la creación de indices en Spotlight en Apple OS X anterior a 10.10.2 escribe los contenidos de la memoria en un disco duro externo, lo que permite a usuarios locales obtener información sensible mediante la lectura de este disco. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100528 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. Múltiples vulnerabilidades no especificadas en el controlador Bluetooth en Apple OS X anterior a 10.10.2 permiten a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100491 •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. IOHIDFamily en Apple OS X anterior a 10.10.2 permite a atacantes ejecutar código arbitrario en un contexto del kernel o causar una denegación de servicio (escritura a la memoria del kernel) a través de una aplicación manipulada que llama a un método de cliente usuario no especificado. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100513 • CWE-19: Data Processing Errors •