Page 61 of 606 results (0.005 seconds)

CVSS: 6.8EPSS: 3%CPEs: 8EXPL: 0

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un tipo de contenido de (1) Automator, (2) Help, (3) Safari o (4) Terminal para un objeto descargable, que no activa un mensaje de advertencia "potentially unsafe" en (a) la funcionalidad Download Validation en Mac OS X versión 10.4 o (b) la funcionalidad Quarantine en Mac OS X versión 10.5. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020137 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29481 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42711 •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." El planificador en CUPS en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, cuando el registro de depuración está habilitado y una impresora requiere una contraseña, permite a los atacantes obtener información confidencial (credenciales) mediante la lectura los datos de registro, relacionados con "authentication environment variables." • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020145 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29484 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42713 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 0

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. La biblioteca International Components for Unicode (ICU) en Apple Mac OS X versiones anteriores a 10.5.3, Red Hat Enterprise Linux versión 5 y otros sistemas operativos, omite algunas secuencias de caracteres no válidas durante la conversión de algunas codificaciones de caracteres, lo que podría permitir a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS). • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://secunia.com/advisories/34290 http://secunia.com/advisories/34777 http://securitytracker.com/id?1020139 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064 http://www.debian.org/security/2009/dsa-1762 http://www.redhat.com/support/errata/RHSA-2009-0296.html http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29488 http://www.ubuntu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. Una vulnerabilidad de salto de directorio en el servidor web incorporado en Image Capture en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos leer archivos arbitrarios por medio de secuencias de salto de directorio en el URI. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020141 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29501 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42718 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1EPSS: 1%CPEs: 8EXPL: 0

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. El motor de decodificación de imágenes BMP y GIF en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (contenido de memoria) por medio de una imagen (1) BMP o (2) GIF diseñada, lo que causa una lectura fuera de límites. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://secunia.com/advisories/30775 http://securitytracker.com/id?1020144 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29513 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •