Page 327 of 2413 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. El componente de seguridad en Apple OS X anterior a 10.10.2 no procesa correctamente la información en caché sobre los certificados de aplicaciones, lo que permite a atacantes evadir el mecanismo de protección Gatekeeper mediante el aprovechamiento del acceso a un certificado de identificación Developer revocado a la espera de firmarse una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100525 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document. CoreGraphics en Apple OS X anterior a 10.10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un documento PDF manipulado. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100495 • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. Desbordamiento de buffer basado en memoria dinámica en SceneKit en Apple OS X anterior a 10.10.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un elemento de acceso manipulado en un fichero Collada. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 https://exchange.xforce.ibmcloud.com/vulnerabilities/100524 https://support.apple.com/HT204659 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 4

LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. LaunchServices en Apple OS X anterior a 10.10.2 no maneja correctamente los metadatos de tipos de ficheros, lo que permite a atacantes evadir el mecanismo de protección Gatekeeper a través de un archive JAR manipulado. A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine. • https://www.exploit-db.com/exploits/35934 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/130147/OS-X-Gatekeeper-Bypass.html http://seclists.org/fulldisclosure/2015/Jan/109 http://support.apple.com/HT204244 http://www.exploit-db.com/exploits/35934 http://www.osvdb.org/117659 http://www.securityfocus.com/archive/1/534567/100/0/threaded http://www.securityfocus.com/bid/72341 http://www.securitytracker.com/id/1031650& • CWE-19: Data Processing Errors •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. El proceso App Store en CommerceKit Framework en Apple OS X anterior a 10.10.2 coloca las credenciales de identificación de Apple en los registros de App Store, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.securitytracker.com/id/1031650 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •