CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3212
https://notcve.org/view.php?id=CVE-2011-3212
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. CoreStorage en Apple Mac OS X v10.7 anterior a v10.7 no asegura que toda la información de disco está encriptada durante la activación de FileVault, lo que hace más fácil a atacantes próximos físicamente obtener información sensible leyendo directamente del dispositivo de disco. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://osvdb.org/76362 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/50085 • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3226
https://notcve.org/view.php?id=CVE-2011-3226
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. Open Directory de Apple Mac OS X v10.7 antes de v10.7.2, cuando un servidor LDAPv3 se utiliza con el RFC 2307 o asignaciones personalizadas, permite a atacantes remotos evitar el requisito de contraseña mediante el aprovechamiento de la falta de un atributo AuthenticationAuthority de una cuenta de usuario. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76371 http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 132EXPL: 0CVE-2011-3218
https://notcve.org/view.php?id=CVE-2011-3218
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. La selección "Save for Web" en QuickTime Player de Apple Mac OS X v10.6.8 a través de las exportaciones de los documentos HTML que contienen un enlace http a un archivo de comandos, permite a atacantes de "hombre-en-medio" realizar ataques de ejecución de secuencias de comandos en sitios cruzados mediante la suplantación del servidor http durante la visión local de un documento exportado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76373 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5016 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 93%CPEs: 99EXPL: 1CVE-2011-3230 – Apple Safari - 'file://' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2011-3230
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Apple Safari anterior a v5.1.1 en Mac OS X no aplica una política destinada a archivo: URLs, que permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado. Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code. • https://www.exploit-db.com/exploits/17986 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76389 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50162 https://exchange.xforce.ibmcloud.com/vulnerabilities/70567 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0CVE-2011-3242
https://notcve.org/view.php?id=CVE-2011-3242
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. La característica de navegación privada en Apple Safari antes de v5.1.1 en Mac OS X no reconoce adecuadamente el valor "Always" de la caracteristica "Block Cookies", lo que hace más sencillo para servidores remotos localizar a usuarios a través de una cookie. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76391 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70569 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •