CVSS: 7.5EPSS: 0%CPEs: 71EXPL: 0CVE-2012-3721
https://notcve.org/view.php?id=CVE-2012-3721
20 Sep 2012 — Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. El administrador de perfiles en Apple Mac OS X antes de v10.7.5 no realiza correctamente la autenticación de la interfaz privada de gestión del dispositivo, lo que permite a cualquier atacante enumerar los dispositivos gestionados a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 144EXPL: 0CVE-2012-3718
https://notcve.org/view.php?id=CVE-2012-3718
20 Sep 2012 — Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. Apple Mac OS X v10.7.5 y v10.8.x antes de v10.8.2 permite a usuarios locales leer contraseñas introducidas en las ventana LoginWindow (Es decir la ventana de inicio) o "Unlock Screensaver" mediante la instalación de un método de entrada de pulsaciones que intercepta las pulsaciones del teclado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 1CVE-2012-3716
https://notcve.org/view.php?id=CVE-2012-3716
20 Sep 2012 — CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. CoreText en Apple Mac OS X v10.7.x anteriores a v10.7.5 permite a atacantes remotos a ejecutar código o provocar una denegación de servicio (escritura o lectura fuera del límite) a través de una texto glyph manipulado. • https://github.com/d4rkcat/killosx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3723
https://notcve.org/view.php?id=CVE-2012-3723
20 Sep 2012 — Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y c... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
20 Sep 2012 — The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 7%CPEs: 126EXPL: 0CVE-2012-0650 – Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0650
20 Sep 2012 — Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Un desbordamiento de búfer en el Proxy DirectoryService en DirectoryService en Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores no especificados. This vulnerability... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2012-1148 – expat: Memory leak in poolGrow
https://notcve.org/view.php?id=CVE-2012-1148
03 Jul 2012 — Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Múltiples fugas de memoria en la función poolGrow en expat/lib/xmlparse.c en expat anteriores a v2.1.0 podría permitir a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un número largo de ... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0657
https://notcve.org/view.php?id=CVE-2012-0657
11 May 2012 — Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. Quartz Composer en Apple Mac OS X antes de v10.7.4, cuando el salvapantallas RSS Visualizer está activado, permite a atacantes físicamente próximos eludir el bloqueo de pantalla y poner en marcha un proceso de Safari a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 140EXPL: 0CVE-2012-0660
https://notcve.org/view.php?id=CVE-2012-0660
11 May 2012 — Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Desbordamiento de búfer en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo MPEG modificado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0652
https://notcve.org/view.php?id=CVE-2012-0652
11 May 2012 — Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. La ventana de acceso en Apple Mac OS X v10.7.3, cuando Legacy File Vault o cuando los directorios home en red red están habilitados, no restringe adecuadamente lo que se escribe en el registro del sistema para las conexiones de red, que permite a us... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •