CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 0CVE-2011-0202
https://notcve.org/view.php?id=CVE-2011-0202
24 Jun 2011 — Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. Un desbordamiento de entero en CoreGraphics para Apple Mac OS X antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de fuentes tipo 1 embebidas en un documento PDF. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 0CVE-2011-0208
https://notcve.org/view.php?id=CVE-2011-0208
24 Jun 2011 — QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. QuickLook para Apple Mac OS X v10.6 antes de v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un documento de Microsoft Office hecho a mano. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2011-0212
https://notcve.org/view.php?id=CVE-2011-0212
24 Jun 2011 — servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. servermgrd en Apple Mac OS X antes de v10.6.8 permite a atacantes remotos leer ficheros de su elección, y posiblemente enviar peticiones HTTP a los servidores de... • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
21 Jun 2011 — jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documen... • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.3EPSS: 2%CPEs: 79EXPL: 0CVE-2011-0234 – Webkit Detached Body Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0234
19 Apr 2011 — WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilida... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 14EXPL: 0CVE-2011-0172
https://notcve.org/view.php?id=CVE-2011-0172
23 Mar 2011 — AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. AirPort de Apple Mac OS X v10.6 antes v10.6.7 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y reinicio del sistema) a través de tramas Wi-Fi en la red local inalámbrica, una vulnerabilidad diferente de CVE-2011-0162. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0174
https://notcve.org/view.php?id=CVE-2011-0174
23 Mar 2011 — Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. Desbordamiento de búfer en memoria dinámica en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente OpenType manipulada. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 38EXPL: 0CVE-2011-0188 – ruby: memory corruption in BigDecimal on 64bit platforms
https://notcve.org/view.php?id=CVE-2011-0188
23 Mar 2011 — The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." La función VpMemAlloc en bigdecimal.c en la clase BigDecimal en Ruby v1.9.2-P1... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0190
https://notcve.org/view.php?id=CVE-2011-0190
23 Mar 2011 — Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. Install Helper en Installer de Apple Mac OS X antes de v10.6.7, no procesa correctamente una dirección URL no especificada, lo que podría permitir a atacantes remotos rastrear los inicios de sesión de usuario grabando el tráfico de la red con un a... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0184
https://notcve.org/view.php?id=CVE-2011-0184
23 Mar 2011 — QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes. QuickLook en Mac OS X de Apple versiones 10.6 anteriores a 10.6.7, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de una hoja de cálculo de Excel con una fórmu... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=898 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •