CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
21 Jun 2011 — jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documen... • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
06 Jun 2011 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacant... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2011-1752 – (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
https://notcve.org/view.php?id=CVE-2011-1752
06 Jun 2011 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0177
https://notcve.org/view.php?id=CVE-2011-0177
23 Mar 2011 — Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. Múltiples desbordamientos de búfer en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene una tabla SFNT manipulada en una fuente embebida. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0183
https://notcve.org/view.php?id=CVE-2011-0183
23 Mar 2011 — Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." Libinfo en Apple Mac OS X antes de v10.6.7 no controla correctamente un campo entero sin especificar en un paquete NFS RPC, que permite a atacantes remotos provocar una denegación de servicio (lockd, statd, mountd, o corte de portm... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0175
https://notcve.org/view.php?id=CVE-2011-0175
23 Mar 2011 — Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. Múltiples desbordamientos de búfer en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente TrueType manipulada. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2011-0182 – Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)
https://notcve.org/view.php?id=CVE-2011-0182
23 Mar 2011 — The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. La llamada al sistema i386_set_ldt en el núcleo en Apple Mac OS X antes de v10.6.7 no controla correctamente las puertas de llamadas "call gates", que permite a usuarios locales conseguir privilegios a través de vectores que implican la creación de una puerta de entrada de llamadas. • https://www.exploit-db.com/exploits/17901 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0178
https://notcve.org/view.php?id=CVE-2011-0178
23 Mar 2011 — The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. La API FSFindFolder en CarbonCore en Apple Mac OS X antes de v10.6.7 ofrece un directorio de lectura global en respuesta a una llamada con el indicador kTemporaryFolderType, permite a usuarios locales obtener información sensible mediante el acceso a es... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0173
https://notcve.org/view.php?id=CVE-2011-0173
23 Mar 2011 — Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Múltiples vulnerabilidades de formato de cadenas en AppleScript en Apple Mac OS X antes de v10.6.7 permite a atacantes dependientes de contexto ejecutar código de su elección o causar u... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 1CVE-2011-0180 – Apple Mac OSX 10.6.x - HFS Subsystem Information Disclosure
https://notcve.org/view.php?id=CVE-2011-0180
23 Mar 2011 — Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. Desbordamiento de enteros en HFS en Apple Mac OS X antes de v10.6.7 permite a usuarios locales leer archivos (1) HFS, (2) HFS +, o (3) HFS + J por medio de una llamada F_READBOOTSTRAP ioctl manipulada. • https://www.exploit-db.com/exploits/35488 • CWE-189: Numeric Errors •