Page 381 of 2935 results (0.013 seconds)

CVSS: 10.0EPSS: 61%CPEs: 126EXPL: 0

CVE-2012-0650 – Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-0650

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Un desbordamiento de búfer en el Proxy DirectoryService en DirectoryService en Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP port 625 by default on Mac OSX Server pre 10.7. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-1147

https://notcve.org/view.php?id=CVE-2012-1147

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. readfilemap.c en expat antes de v2.1.0 permite causar una denegación de servicio (por consumo de descriptores de fichero) a atacantes dependientes de contexto a través de un gran número de archivos XML hechos a mano. • http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://sourceforge.net/projects/expat/files/expat/2.1.0 http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127 http://trac.wxwidgets.org/ticket/11194 http://trac.wxwidgets.org/ticket/11432 http://www.securityfocus.com/bid/52379 http://www.securitytracker.com/id/1034344 https://support • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0

CVE-2012-0675

https://notcve.org/view.php?id=CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. Time Machine de Apple Mac OS X antes de v10.7.4 no requiere el uso continuo de la autenticación basada en SRP después de este método de autenticación que haya utilizado por primera vez, lo que permite a atacantes remotos leer las credenciales de la Time Capsule por suplantación de identidad del volumen de copia de seguridad. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0

CVE-2012-0661 – Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-0661

Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. Vulnerabilidad de error en la gestión de recursos en QuickTime en Apple Mac OS X v10.7.x antes de v10.7.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película modificado, con codificación JPEG2000 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53466 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 54%CPEs: 140EXPL: 0

CVE-2012-0659 – Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo MPEG modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53467 • CWE-189: Numeric Errors •