Page 54 of 310 results (0.016 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de búfer basados en pila en iChat Server de Apple Mac OS X Server en versiones anteriores a la v10.6.3 permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0

CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. CoreAudio en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código de su elección o a provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de contenido de audio manipulado, codificado con QDMC. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the QuickTimeAudioSupport.qtx library when parsing malformed QDMC and QDM2 codec atoms. By modifying specific values within the stream an attacker can cause heap corruption which can lead to arbitrary code execution under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7513 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0

Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. El servidor de contraseñas -Password Server- de Mac OS X Server anterior a v10.6.3 no realiza la duplicación de contraseñas adecuadamente, esto puede permitir a usuarios autenticados en remoto obtener acceso registrado a través de una contraseña que ya haya caducado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. Mail en Apple Mac OS X anterior v10.6.3 no refuerza adecuadamente la clave de extensión usage durante el procesado de una cadena de claves que especifica múltiples certificados para un recipiente e-mail, lo que puede hacer que sea fácil para atacantes remotos obtener información sensible a través de ataques de fuerza bruta en un mensaje e-mail encriptado débilmente. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-310: Cryptographic Issues •

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. Wiki Server en Apple Mac OS X v10.6 anterior a v10.6.3, no refuerza el acceso a la lista de control (SACL) para weblogs durante la creación del mismo, lo que permite a usuarios autenticados remotamente publicar contenidos a través de peticiones HTTP. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-264: Permissions, Privileges, and Access Controls •