Page 71 of 606 results (0.011 seconds)

CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 1

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilidad de uso después de liberación (use-after-free) en la función gss_indicate_mechs de lib/gssapi/mechglue/g_initialize.c en MIT Kerberos 5 (krb5) tiene impacto y vectores de ataque desconocidos. NOTA: esto podría ser resultado de una errata en el código fuente. • http://bugs.gentoo.org/show_bug.cgi?id=199214 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/43346 http://seclists.org/fulldisclosure/2007/Dec/0176.html http://seclists.org/fulldisclosure/2007/Dec/0321.html http://secunia.com/advisories/29451 http://secunia.com/advisories/29464 http://secunia.com/advisories/29516 http://secunia.com/advisories/39290 http://security.gentoo.org • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 9.3EPSS: 18%CPEs: 2EXPL: 0

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. El Cortafuegos de Aplicación de Apple Mac OS X 10.5, cuando la opción "Bloquear todas las conexiones entrantes" se encuentra habilitada, no impide que procesos de root o mDNSResponder acepten conexiones, lo cual podría permitir a atacantes remotos o procesos locales de root evitar las restricciones de seguridad establecidas. • http://docs.info.apple.com/article.html?artnum=307004 http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html http://secunia.com/advisories/27695 http://securitytracker.com/id?1018958 http://www.securityfocus.com/bid/26461 http://www.vupen.com/english/advisories/2007/3897 https://exchange.xforce.ibmcloud.com/vulnerabilities/38506 •

CVSS: 10.0EPSS: 35%CPEs: 2EXPL: 0

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. El Firewall de Aplicación en Apple Mac OS X versión 10.5, no previene a un proceso de root de aceptar conexiones entrantes, incluso cuando ha sido establecido "Block incoming connections" para su ejecutable asociado, lo que podría permitir a atacantes remotos o procesos de root locales omitir las restricciones de acceso previstas. • http://docs.info.apple.com/article.html?artnum=307004 http://lists.apple.com/archives/security-announce/2007/Nov/msg00004.html http://secunia.com/advisories/27695 http://securitytracker.com/id?1018958 http://www.securityfocus.com/bid/26460 http://www.vupen.com/english/advisories/2007/3897 https://exchange.xforce.ibmcloud.com/vulnerabilities/38479 •

CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. La configuración por defecto de Safari en Apple Mac OS X 10.4 hasta 10.4.10 añade una clave privada a la cadena de claves con permisos que permiten a otras aplicaciones acceder a la clave sin avisar al usuario, lo cual podría permitir a otras aplicaciones evitar las restricciones de acceso. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38485 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0

Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. Vulnerabilidad no especificada en WebKit de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos utilizar Safari como si fuera un proxy indirecto y enviar información controlada por el atacante a puertos TCP de su elección mediante vectores desconocidos. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38486 • CWE-264: Permissions, Privileges, and Access Controls •