CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 1CVE-2011-0180 – Apple Mac OSX 10.6.x - HFS Subsystem Information Disclosure
https://notcve.org/view.php?id=CVE-2011-0180
23 Mar 2011 — Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. Desbordamiento de enteros en HFS en Apple Mac OS X antes de v10.6.7 permite a usuarios locales leer archivos (1) HFS, (2) HFS +, o (3) HFS + J por medio de una llamada F_READBOOTSTRAP ioctl manipulada. • https://www.exploit-db.com/exploits/35488 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0178
https://notcve.org/view.php?id=CVE-2011-0178
23 Mar 2011 — The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. La API FSFindFolder en CarbonCore en Apple Mac OS X antes de v10.6.7 ofrece un directorio de lectura global en respuesta a una llamada con el indicador kTemporaryFolderType, permite a usuarios locales obtener información sensible mediante el acceso a es... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0173
https://notcve.org/view.php?id=CVE-2011-0173
23 Mar 2011 — Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Múltiples vulnerabilidades de formato de cadenas en AppleScript en Apple Mac OS X antes de v10.6.7 permite a atacantes dependientes de contexto ejecutar código de su elección o causar u... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2011-0176 – Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0176
22 Mar 2011 — Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. Múltiples desbordamientos de búfer en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente de tipo 1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable insta... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.7EPSS: 28%CPEs: 44EXPL: 0CVE-2011-1417 – Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1417
11 Mar 2011 — Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Un desbordamiento de e... • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 3CVE-2010-4754
https://notcve.org/view.php?id=CVE-2010-4754
02 Mar 2011 — The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. La implementación glob en libc en FreeBSD versiones 7.3 y 8.1, NetBSD versión 5.0.2 y OpenBSD versión 4.7, ... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 1CVE-2010-4494 – libxml2: double-free in XPath processing code
https://notcve.org/view.php?id=CVE-2010-4494
07 Dec 2010 — Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Vulnerabilidad de liberación doble en libxml2 2.7.8 y otras versiones, tal como se utiliza en Google Chrome en versiones anteriores a 8.0.552.215 y otros productos, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener o... • http://code.google.com/p/chromium/issues/detail?id=63444 • CWE-415: Double Free •
CVSS: 9.3EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3824
https://notcve.org/view.php?id=CVE-2010-3824
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. Vulnerabilidad de uso después de la liberación en WebKit en Apple Safari anteriores a v5.0.3 en Mac OS X 10.5 hasta v10.6 y Windows, y anteriores a v4.1.3 en Mac OS X v10.4, permite a atacantes remotos ejecutar código de su ele... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 126EXPL: 0CVE-2010-3811
https://notcve.org/view.php?id=CVE-2010-3811
20 Nov 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Vulnerabilidad de uso después de la liberación en Apple Safari anterior a v5.0.3 en Mac OS X v10.5 a la v10.6 y Windows en la v4.1.3 y anteriores y sobre Mac OS X v10.4, permite a atacantes remotos oejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 126EXPL: 0CVE-2010-3812 – Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3812
20 Nov 2010 — Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. Un desbordamiento de enteros en el WebKit de Apple Safari v5.0.3 antes en Mac OS X v10.5 a v10.6 y Windows, y antes de v4.1.3 en Mac OS ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •