Page 42 of 210 results (0.011 seconds)

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." Vulnerabilidad desconocida en CoreFoundation para Mac OS X 10.3.3, relacionada con "registro (logging) de notificaciones". • http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html http://secunia.com/advisories/10959 https://exchange.xforce.ibmcloud.com/vulnerabilities/15299 •

CVSS: 5.0EPSS: 3%CPEs: 36EXPL: 1

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. Vulnerabilidad de cadena de formato en el demonio de Protocolo Punto-a-Punto (pppd) 2.4.0 de Mac OS X 10.3.2 y anteriores permite a atacantes remotos leer datos arbitrarios del proceso pppd, incluyendo credenciales de autenticación PAP o CHAP, para ganar privilegios. • http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html http://www.atstake.com/research/advisories/2004/a022304-1.txt http://www.kb.cert.org/vuls/id/841742 http://www.osvdb.org/6822 http://www.securityfocus.com/bid/9730 https://exchange.xforce.ibmcloud.com/vulnerabilities/15297 •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. • http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html http://secunia.com/advisories/10474 http://www.auscert.org.au/render.html?it=3704 http://www.securityfocus.com/bid/9266 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. Apple Safari 1.0 a 1.1 en Mac OS X 10.3.1 y Mac OS X 10.2.8 permite a atacantes remotos robar 'cookies' de usuarios de otro dominio mediante un enlace con un carácter nulo codificado-hex (%00) seguido del dominio objetivo. • http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/mhonarc/security-announce/msg00042.html http://marc.info/?l=bugtraq&m=106917674428552&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/7973 •

CVSS: 9.8EPSS: 13%CPEs: 3EXPL: 0

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. Desbordamiento de búfer en la librería Cyrus SASL 2.1.9 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante entradas largas durante la canonización de nombre de usuario caractéres que necesitan ser escapados durante autenticación LDAP usando saslauth, o un error por uno en el escritor del log, que no asigna espacio para el carácter nulo que termina la cadena. • http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://marc.info/?l=bugtraq&m=103946297703402&w=2 http://www.debian.org/security/2002/dsa-215 http://www.redhat.com/support/errata/RHSA-2002-283.html http://www.securityfocus.com/advisories/4826 http://www.securityfocus.com/bid/6347 http://www.securityfocus.com/bid/6348 • CWE-131: Incorrect Calculation of Buffer Size •