Page 55 of 304 results (0.015 seconds)

CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0

Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Vulnerabilidad de formato de cadena en c++filt en Apple Mac OS X 10.5 anterior a la v10.5.4, permite a atacantes asistidos por el usuario ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una cadena manipulada en código (1) C++ o (2) Java. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020392 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43494 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 4.4EPSS: 0%CPEs: 30EXPL: 0

Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Dock en Apple Mac OS X 10.5 anterior a la versión 10.5.4, cuando las zonas activas de Exposé están habilitadas, permite a los atacantes físicamente próximos obtener acceso a una sesión bloqueada en (1) modo de suspensión o (2) modo de protector de pantalla a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020395 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43497 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0

The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. El programa sso_util en Single Sign-On en Apple Mac OS X versiones anteriores a 10.5.3, coloca las contraseñas en la línea de comando, lo que permite a los usuarios locales obtener información confidencial mediante la enumeración de los procesos. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020142 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29520 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42725 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Filing Protocol (AFP) Server en Apple Mac OS X versiones anteriores a 10.5.3, no comprueba que los archivos y directorios solicitados estén dentro de carpetas compartidas, lo que permite a los atacantes remotos leer archivos arbitrarios por medio de tráfico AFP no especificado. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020130 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29490 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42703 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función CFDataReplaceBytes en la API CFData en CoreFoundation en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes dependiendo del contexto ejecutar código arbitrario o causar una denegación de servicio (bloqueo) por medio de un argumento de longitud no válida, lo que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020135 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29491 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42709 • CWE-20: Improper Input Validation •