Page 358 of 2061 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. El cliente mdmclient en control de dispositivos móviles en Apple Mac OS X anterior a 10.8.5 pone la contraseña en línea de comandos lo que permite a usuarios locales obtener información sensible inspeccionando el proceso • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://support.apple.com/kb/HT5880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. Instalador en Apple Mac OS X anteriores a v10.8.5 proporciona una opción para continuar la instalación de un paquete después de encontrar un certificado revocado, lo cual podría permitir a atacantes asistidos por un usuario ejecutar código arbitrario a través de un paquete manipulado. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://support.apple.com/kb/HT5880 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. El kernel en Apple Mac OS X anterior a v10.8.5 permite a atacantes remotos provocar una denegación de servicio (causando un panic) a través de paquetes IGMP manipulados que aprovechan código incorrecto y extraño en el parser IGMP. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://support.apple.com/kb/HT5880 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. CoreMedia reproducción en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un archivo de video especialmente diseñado. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://support.apple.com/kb/HT5784 http://support.apple.com/kb/HT6001 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer en QuickDraw Manager de Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles the LongComment PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value after it performs some mathematical operations on it. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •