Page 383 of 2946 results (0.019 seconds)

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0

CVE-2012-3716

https://notcve.org/view.php?id=CVE-2012-3716

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. CoreText en Apple Mac OS X v10.7.x anteriores a v10.7.5 permite a atacantes remotos a ejecutar código o provocar una denegación de servicio (escritura o lectura fuera del límite) a través de una texto glyph manipulado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 142EXPL: 0

CVE-2012-3723

https://notcve.org/view.php?id=CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y caída del sistema) conectando un dispositivo USB. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-1147

https://notcve.org/view.php?id=CVE-2012-1147

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. readfilemap.c en expat antes de v2.1.0 permite causar una denegación de servicio (por consumo de descriptores de fichero) a atacantes dependientes de contexto a través de un gran número de archivos XML hechos a mano. • http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://sourceforge.net/projects/expat/files/expat/2.1.0 http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127 http://trac.wxwidgets.org/ticket/11194 http://trac.wxwidgets.org/ticket/11432 http://www.securityfocus.com/bid/52379 http://www.securitytracker.com/id/1034344 https://support • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0

CVE-2012-0675

https://notcve.org/view.php?id=CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. Time Machine de Apple Mac OS X antes de v10.7.4 no requiere el uso continuo de la autenticación basada en SRP después de este método de autenticación que haya utilizado por primera vez, lo que permite a atacantes remotos leer las credenciales de la Time Capsule por suplantación de identidad del volumen de copia de seguridad. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 12%CPEs: 140EXPL: 0

CVE-2012-0662 – Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. Desbordamiento de entero en el Security Framework en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una entrada modificada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecurity_cdsa_plugin which implements routines defined in libsecurity_cssm. The library defines an allocation routine as having an argument type uint32. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53468 • CWE-189: Numeric Errors •