Page 336 of 2432 results (0.020 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. Bluetooth en Apple OS X anterior a 10.10 no requiere cifrado para dispositivos HID de baja energía, lo que permite a atacantes remotos suplantar un dispositivo mediante el aprovechamiento de un emparejamiento previo. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://secunia.com/advisories/61825 http://secunia.com/advisories/61827 http://www.securityfocus.com/archive/1/533746 http://www.securityfocus.com/archive/1/533747 http://www.securityfocus.com/bid/70636 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97641 https://support.apple.com/kb/HT6535 https://support.apple.com/kb/HT6541 https://support.apple.com/kb/HT6542 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. Safari en Apple OS X anterior a 10.10 permite a atacantes remotos causar una denegación de servicio (interrupción de las notificaciones Push globales) a través de un sitio web que lance una excepción SafariNotificationAgent sin capturar enviando una notificación Push manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70629 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97625 https://support.apple.com/kb/HT6535 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70635 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97642 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. CFPreferences en Apple OS X anterior a 10.10 no fuerza correctamente la configuración 'requerir contraseña tras el comienzo del reposo o salvapantallas', lo que facilita a atacantes físicamente próximos obtener acceso a una estación de trabajo desatendida. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70630 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97640 https://support.apple.com/kb/HT6535 • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource. La característica Firma de Código (Code Signing) en Apple OS X anterior a 10.10 no maneja debidamente los recursos incompletos en grupos firmados, lo que permite a atacantes remotos evadir las restricciones de app-author omitiendo un recurso relacionado con la ejecución. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Gatekeeper. The issue lies in the usage of signed applications that do not sign the frameworks they depend on. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70637 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97644 https://support.apple.com/kb/HT6535 • CWE-310: Cryptographic Issues •