Page 52 of 317 results (0.013 seconds)

CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentación se indica que podría permitir a atacantes remotos evitar las restricciones de acceso establecidas. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31708 http://www.securitytracker.com/id?1021028 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45785 • CWE-16: Configuration •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." Vulnerabilidad inespecífica en Finder en Mac OS X 10.5.5 que permite a atacantes remotos con la ayuda del usuario producir una denegación de servicio (reinicios continuos) a través de un fichero Desktop manipulado que produce un error cuando su icono es creado, relacionado con un error de "situación de recuperación de errores" • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31720 http://www.securitytracker.com/id?1021024 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45780 •

CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. Java sobre Apple Mac OS X v10.5.4 y v10.5.5 no evita el acceso de los applets a URL's del tipo "file://, lo que permite a atacantes remotos ejecutar programas de su elección. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31380 http://www.securitytracker.com/id?1020944 https://exchange.xforce.ibmcloud.com/vulnerabilities/45397 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." El proveedor Hash-based Message Authentication Code en Java on Apple Mac OS X v10.4.11, 10.5.4 y 10.5.5 emplea una variable sin inicializar, esto permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado, relacionado con una "cuestión de chequeo de error". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3178 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31379 http://www.securitytracker.com/id?1020943 https://exchange.xforce.ibmcloud.com/vulnerabilities/45396 • CWE-665: Improper Initialization •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." Vulnerabilidad de ejecución de comandos en sitios cruzados en Wiki Server en Apple Mac OS X 10.5 a la v10.5.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un mensaje de e-mail que llega al archivo "mailin-list", también conocido como "Inyección de JavaScript persistente". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020886 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •