Page 61 of 455 results (0.013 seconds)

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://securitytracker.com/id?1016069 http://www.kb.cert.org/vuls/id/519473 http://www.osvdb.org/25598 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26427 •

CVSS: 7.8EPSS: 8%CPEs: 4EXPL: 0

QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://securitytracker.com/id?1016070 http://www.osvdb.org/25599 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26423 •

CVSS: 5.1EPSS: 2%CPEs: 38EXPL: 1

Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function. • https://www.exploit-db.com/exploits/27715 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/19686 http://secunia.com/advisories/20077 http://securitytracker.com/id?1016082 http://www.osvdb.org/24819 http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233 http://www.security-protocols.com/sp-x25-advisory.php http://www.securityfocus.com/bid/17634 http://www.securityfocus.com/bid/17951 http://www.us • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.4EPSS: 10%CPEs: 34EXPL: 2

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/19686 http://secunia.com/advisories/20077 http://securitytracker.com/id?1016067 http://www.osvdb.org/24821 http://www.osvdb.org/24822 http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233 http://www.security-protocols.com/sp-x28-advisory.php http://www.security-protocols.com/sp-x30-advisory.php http://www.securityfocus.com/bid/17634 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. Vulnerabilidad no especificada en Java InputMethods en Mac OS X 10.4.5 puede causar que InputMethdos envíe eventos de entrada para campos seguros a un campo de texto equivocado, lo que podría revelar la contraseña a otros que pudieran ver la pantalla. º • http://docs.info.apple.com/article.html?artnum=303658 http://www.vupen.com/english/advisories/2006/1398 https://exchange.xforce.ibmcloud.com/vulnerabilities/26167 •