CVSS: 5.0EPSS: 0%CPEs: 136EXPL: 0CVE-2011-0231
https://notcve.org/view.php?id=CVE-2011-0231
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." CFNetwork en Apple Mac OS X v10.7.2 no aplica de forma adecuada la política de almacenamiento de cookies, lo que hace que sea fácil para servidores Web remotos rastrear a los usuarios a través de una cookie, en relación con un "problema de sincronización". • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 0CVE-2011-0185
https://notcve.org/view.php?id=CVE-2011-0185
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. Vulnerabilidad de formato de cadena en la funcionalidad debug-logging en el Firewall de Aplicación en Apple Mac OS X anteriores a v10.7.2 que permite a usuarios locales conseguir privilegios a través de un nombre de archivo ejecutable manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50092 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2011-3422
https://notcve.org/view.php?id=CVE-2011-3422
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. La implementación del Keychain en Apple Mac OS X v10.6.8 y anteriores no controla correctamente un atributo, no es de confianza un certificado de una autoridad de certificación, lo que hace que sea más fácil para atacantes man-in-the-middle falsificar servidores SSL arbitrario a través de un certificado de validación extendida, como lo demuestra el acceso https con Safari. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates http://www.securityfocus.com/bid/49429 http://www.securitytracker.com/id?1026002 https://exchange.xforce.ibmcloud.com/vulnerabilities/69556 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documento XML manipulado que contiene un gran número de referencias a entidades anidadas, un problema similar a CVE-2003-1564. • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061341.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061458.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061482.html http://secunia.com/advisories/44787 http://secunia.com/advisories/44957 http://secunia.com/advisories/45112 http:/ • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0177
https://notcve.org/view.php?id=CVE-2011-0177
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. Múltiples desbordamientos de búfer en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene una tabla SFNT manipulada en una fuente embebida. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •