CVSS: 7.5EPSS: 2%CPEs: 136EXPL: 0CVE-2011-0230
https://notcve.org/view.php?id=CVE-2011-0230
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer en la API de ATSFontDeactivate en Apple Type Services (ATS) en Apple Mac OS X v10.7.2 y anteriores que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 136EXPL: 0CVE-2011-0231
https://notcve.org/view.php?id=CVE-2011-0231
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." CFNetwork en Apple Mac OS X v10.7.2 no aplica de forma adecuada la política de almacenamiento de cookies, lo que hace que sea fácil para servidores Web remotos rastrear a los usuarios a través de una cookie, en relación con un "problema de sincronización". • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 132EXPL: 0CVE-2011-0229
https://notcve.org/view.php?id=CVE-2011-0229
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. Apple Type Services (ATS) en Apple Mac OS X v10.6.8 no maneja adecuadamente fuentes incrustadas de Tipo 1, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento manipulado que provoca un acceso a memoria con desbordamiento. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50091 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2011-3422
https://notcve.org/view.php?id=CVE-2011-3422
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. La implementación del Keychain en Apple Mac OS X v10.6.8 y anteriores no controla correctamente un atributo, no es de confianza un certificado de una autoridad de certificación, lo que hace que sea más fácil para atacantes man-in-the-middle falsificar servidores SSL arbitrario a través de un certificado de validación extendida, como lo demuestra el acceso https con Safari. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates http://www.securityfocus.com/bid/49429 http://www.securitytracker.com/id?1026002 https://exchange.xforce.ibmcloud.com/vulnerabilities/69556 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 9%CPEs: 60EXPL: 0CVE-2011-0249 – Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0249
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file. Desbordamiento de buffer basado en memoria dinámica en Apple QuickTime en versiones anteriores a 7.7 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de atoms STSC modificados en un archivo de película QuickTime. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the Sample-to-Chunks table in media files with 'twos' audio codec. If a value for 'samples per chunk' is bigger than 8 times the sample rate from the 'Sample Description Atom' it will cause a buffer overflow during the parsing of the atom sample table. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://support.apple.com/kb/HT5002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •