Page 60 of 311 results (0.006 seconds)

CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 0

CVE-2010-0036

https://notcve.org/view.php?id=CVE-2010-0036

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. Desbordamiento de búfer en CoreAudio in Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de un fichero de audio MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://secunia.com/advisories/38241 http://support.apple.com/kb/HT4004 http://support.apple.com/kb/HT4013 http://www.securityfocus.com/bid/37868 http://www.securitytracker.com/id?1023472 http://www.vupen.com/english/advisories/2010/0173 https://exchange.xforce.ibmcloud.com/vulnerabilities/55746 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0

CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface

https://notcve.org/view.php?id=CVE-2009-3553

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el descriptor de fichero abstracto de cuelgue de interface en la función cupsdDoSelect en scheduler/select.c en el scheduler en cupsd en CUPS v1.3.7 y v1.3.10 permite a los atacantes remoto causar una denegación de servicio (caída o cuelque del demonio) a través de una desconexión de cliente durante el listado de una elevado número de trabajos de impresión, en relación al mantenimiento inapropiado de un contador de referencia. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://secunia.com/advisories/37360 http://secunia.com/advisories/37364 http://secunia.com/advisories/38241 http://secunia.com/advisories/43521 http://security.gentoo.org/glsa/glsa-201207-10.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1 http://support.apple.com/kb/HT4004 http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs http://www.cups.org/newsgroups.php/newsgr • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 0

CVE-2009-2823

https://notcve.org/view.php?id=CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. El servidor Apache HTTP en Apple Mac OS X anterior v10.6.2 habilita el método HTTP TRACE, lo que permite a atacantes dirigir ejecuciones de secuencias de comandos en sitios cruzados (XSS) a través de software de clientes web no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.mandriva.com/security/advisories?name=MDVSA-2009:300 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 1

CVE-2009-2820 – CUPS - 'kerberos' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. CUPS en Apple Mac OS X anterior a v10.6.2no maneja adecuadamente (1) las cabeceras HTTP y (2) las plantillas HTML, lo que permite a atacantes remotos dirigir ataques de petición de sitios cruzados (XSS) y ataques de separación de respuesta HTTP a través de vectores relacionados con (a) la interfaz web del producto, (b) la configuración del sistema de impresión, y (c) los títulos de los trabajos impresos. • https://www.exploit-db.com/exploits/10001 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://secunia.com/advisories/37308 http://secunia.com/advisories/37360 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1 http://support.apple.com/kb/HT3937 http://www.cups.org/articles.php?L590 http://www.cups.org/documentation.php/relnotes.html http://www.cups.org/str.php?L3367 http://www.mandriva.com/security/advisories?name=MDVSA-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

CVE-2009-2836

https://notcve.org/view.php?id=CVE-2009-2836

Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. Race condition en Login Window en Apple Mac OS X v10.6.x anterior v10.6.2, cuando al menos una cuenta tiene el password en blanco, permite a atacantes superar la autenticación de password y obtener acceso a una cuenta arbitraria a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •