Page 50 of 300 results (0.009 seconds)

CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0

Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. Desbordamiento de búfer en ColorSync en Mac OS X 10.4.11 y 10.5.5 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y posiblemente ejecutar arbitrariamente código a través de una imagen o un perfil ICC manipulado. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31715 http://www.securitytracker.com/id?1021023 http://www.vupen.com/english/advisories/2008/2780 https://exchang • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. Vulnerabilidad no especificada en el editor de scripts de Mac OS X v10.4.11 y v10.5.5 que permite a usuarios locales producir que el diccionario de scripts se escriba en lugares arbitrarios, relacionado con una "operación insegura de fichero" en los ficheros temporales. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31716 http://www.securitytracker.com/id?1021029 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45786 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentación se indica que podría permitir a atacantes remotos evitar las restricciones de acceso establecidas. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31708 http://www.securitytracker.com/id?1021028 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45785 • CWE-16: Configuration •

CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." El proveedor Hash-based Message Authentication Code en Java on Apple Mac OS X v10.4.11, 10.5.4 y 10.5.5 emplea una variable sin inicializar, esto permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado, relacionado con una "cuestión de chequeo de error". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3178 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31379 http://www.securitytracker.com/id?1020943 https://exchange.xforce.ibmcloud.com/vulnerabilities/45396 • CWE-665: Improper Initialization •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." Vulnerabilidad de ejecución de comandos en sitios cruzados en Wiki Server en Apple Mac OS X 10.5 a la v10.5.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un mensaje de e-mail que llega al archivo "mailin-list", también conocido como "Inyección de JavaScript persistente". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020886 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •