Page 371 of 2137 results (0.016 seconds)

CVSS: 6.8EPSS: 1%CPEs: 132EXPL: 0

Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. Apple Type Services (ATS) en Apple Mac OS X v10.6.8 no maneja adecuadamente fuentes incrustadas de Tipo 1, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento manipulado que provoca un acceso a memoria con desbordamiento. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50091 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 1%CPEs: 132EXPL: 0

CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. CoreMedia en Apple Mac OS X v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de un archivo de película QuickTime manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 136EXPL: 0

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." CFNetwork en Apple Mac OS X v10.7.2 no aplica de forma adecuada la política de almacenamiento de cookies, lo que hace que sea fácil para servidores Web remotos rastrear a los usuarios a través de una cookie, en relación con un "problema de sincronización". • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 0

Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. Vulnerabilidad de formato de cadena en la funcionalidad debug-logging en el Firewall de Aplicación en Apple Mac OS X anteriores a v10.7.2 que permite a usuarios locales conseguir privilegios a través de un nombre de archivo ejecutable manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50092 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.8EPSS: 4%CPEs: 10EXPL: 0

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Vulnerabilidad de doble liberación en libxml2, tal y como se usa en Google Chrome antes de v14.0.835.163, permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el manejo de XPath. • http://code.google.com/p/chromium/issues/detail?id=93472 http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/75560 http://rhn.redhat.com/errata/RHSA-2013-0217.html http://support.apple.com/kb/HT5281 http://support. • CWE-415: Double Free •