CVE-2011-3216
https://notcve.org/view.php?id=CVE-2011-3216
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. El kernel en Apple Mac OS X anterior a v10.7.2 no aplicar correctamente el sticky bit en los directorios, lo que podría permitir a usuarios locales eludir los permisos y eliminar archivos a través de una llamada al sistema no enlazada • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-3215
https://notcve.org/view.php?id=CVE-2011-3215
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. El Kernel en Apple Mac OS X anterior a v10.7.2 no previene adecuadamente FireWire DMA en ausencia de login, lo que permite a atacantes físicamente próximos evitar las restricciones de acceso y descubrir una contraseña realizando una petición DM en el (1) ventana de login, (2) arrancado, o (3) estado de apagado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-3214
https://notcve.org/view.php?id=CVE-2011-3214
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. IOGraphics en Apple Mac OS X hasta v10.6.8 no maneja adecuadamente un estado de pantalla bloquedad en modo sleep para un Apple Cinema Display, lo que permite a atacantes próximos físicamente evitar los requerimientos de contraseña a través de vectores no especificados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0230
https://notcve.org/view.php?id=CVE-2011-0230
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer en la API de ATSFontDeactivate en Apple Type Services (ATS) en Apple Mac OS X v10.7.2 y anteriores que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0229
https://notcve.org/view.php?id=CVE-2011-0229
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. Apple Type Services (ATS) en Apple Mac OS X v10.6.8 no maneja adecuadamente fuentes incrustadas de Tipo 1, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento manipulado que provoca un acceso a memoria con desbordamiento. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50091 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •