NotCVE - vendor:"Apple" product:"Mac Os X" version:"10.6.9"

Page 53 of 1874 results (0.012 seconds)

CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0

CVE-2020-3911

https://notcve.org/view.php?id=CVE-2020-3911

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. Se abordó un desbordamiento del búfer con una comprobación de límites mejorada. Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, macOS Catalina versión 10.15.4, tvOS versión 13.4, watchOS versión 6.2, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. • https://support.apple.com/HT211100 https://support.apple.com/HT211101 https://support.apple.com/HT211102 https://support.apple.com/HT211103 https://support.apple.com/HT211105 https://support.apple.com/HT211106 https://support.apple.com/HT211107 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0

CVE-2019-20044 – zsh: insecure dropping of privileges when unsetting PRIVILEGED option

https://notcve.org/view.php?id=CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). En Zsh versiones anteriores a 5.8, los atacantes capaces de ejecutar comandos pueden recuperar privilegios eliminados mediante la opción --no-PRIVILEGED. Zsh presenta un fallo al sobrescribir el uid guardado, ya que los privilegios originales pueden ser restaurados mediante una ejecución de zmodload de MODULE_PATH=/dir/with/module con un módulo que llama a la función setuid(). A flaw was found in zsh. • http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/53 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/59 http://zsh.sourceforge.net/releases.html https://github.com/XMB5/zsh-privileged-upgrade https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-4606

https://notcve.org/view.php?id=CVE-2016-4606

Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Curl versiones anteriores a 7.49.1, en Apple OS X macOS Sierra versiones anteriores a 10.12, permite a atacantes remotos o locales ejecutar código arbitrario, conseguir información confidencial, causar condición de denegación de servicio (DoS), omitir las restricciones de seguridad y llevar a cabo acciones no autorizadas. Esto puede ayudar en otros ataques. • http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-5366

https://notcve.org/view.php?id=CVE-2012-5366

The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. La implementación de IPv6 en Apple Mac OS X (versiones desconocidas, año 2012 y anteriores), permite a atacantes remotos causar una denegación de servicio por medio de una avalancha de paquetes ICMPv6 Router Advertisement, que contienen múltiples entradas de Enrutamiento. • http://www.openwall.com/lists/oss-security/2012/10/10/12 https://www.securityfocus.com/bid/56170/info • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-14868 – ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

https://notcve.org/view.php?id=CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. En ksh versión 20120801, se detectó un fallo en la manera que evalúa determinadas variables de entorno. Un atacante podría usar este fallo para anular u omitir unas restricciones del entorno para ejecutar comandos de shell. • http://seclists.org/fulldisclosure/2020/May/53 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868 https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html https://support.apple.com/kb/HT211170 https://access.redhat.com/security/cve/CVE-2019-14868 https://bugzilla.redhat.com/show_bug.cgi?id=1757324 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

1...51 52 53 54 55