Page 347 of 2317 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipulados que provocan una corrupción de memoria. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. Finder en Apple OS X anterior a 10.9.2 no asegura la integridad ACL después de la visualización de información de archivo ACL, lo que permite a usuarios locales evadir restricciones de acceso en circunstancias oportunistas a través de operaciones estándar de sistemas de archivos en un archivo con una ACL dañada. • http://support.apple.com/kb/HT6150 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. curl en Apple OS X 10.9.x anterior a 10.9.2 no verifica los certificados X.509 de servidores HTTPS que son accedidos mediante el uso de una dirección IP numérica, lo que permite a atacantes man-in-the-middle falsificar servidores a través de un certificado manipulado. • http://curl.haxx.se/docs/adv_20140326C.html http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://support.apple.com/kb/HT6150 http://twitter.com/agl__/statuses/437029812046422016 http://twitter.com/okoeroo/statuses/437272014043496449 http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release http://www.getchef.com/blog/2014/ • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Apple Type Services (ATS) en Apple OS X anterior a 10.9.2 no valida debidamente llamadas a la función "free", lo que permite a atacantes evadir el mecanismo de protección App Sandbox a través de mensajes Mach manipuilados. • http://support.apple.com/kb/HT6150 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 0

Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. Desbordamiento de buffer basado en pila en CoreAnimation en Apple OS X anterior a 10.9.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen manipulada. • http://support.apple.com/kb/HT6150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •