
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

References:
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://support.apple.com/HT204244
• http://www.securitytracker.com/id/1031650
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100523

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

References:
• http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://support.apple.com/HT204244
• http://www.securitytracker.com/id/1031650
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100524
• https://support.apple.com/HT204659

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 3% | CPEs: 1 | EXPL: 1

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app. An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice.

References:
• http://code.google.com/p/google-security-research/issues/detail?id=136
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://support.apple.com/HT204244
• http://www.securitytracker.com/id/1031626
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100490

CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 4% | CPEs: 1 | EXPL: 4

LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. A malicious JAR file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine.

References:
• https://www.exploit-db.com/exploits/35934
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://packetstormsecurity.com/files/130147/OS-X-Gatekeeper-Bypass.html
• http://seclists.org/fulldisclosure/2015/Jan/109
• http://support.apple.com/HT204244
• http://www.exploit-db.com/exploits/35934
• http://www.osvdb.org/117659
• http://www.securityfocus.com/archive/1/534567/100/0/threaded
• http://www.securityfocus.com/bid/72341
• http://www.securitytracker.com/id/1031650&

CWE-19: Data Processing Errors

CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.

References:
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://support.apple.com/HT204244
• http://www.securitytracker.com/id/1031650
• https://trmm.net/Thunderstrike

CWE-17: DEPRECATED: Code