CVSS: 8.8EPSS: 1%CPEs: 136EXPL: 0CVE-2011-3227
https://notcve.org/view.php?id=CVE-2011-3227
14 Oct 2011 — libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. libsecurity en Apple Mac OS X antes de v10.7.2 no controla correctamente los errores durante el procesamiento de una extensión no estándar en la lista de certificados revocados (CRL), lo que permite a... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 132EXPL: 0CVE-2011-0224
https://notcve.org/view.php?id=CVE-2011-0224
14 Oct 2011 — CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. CoreMedia en Apple Mac OS X v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de un archivo de película QuickTime manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3213
https://notcve.org/view.php?id=CVE-2011-3213
14 Oct 2011 — The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. El componente File Systems en Apple Mac OS X anterior a v10.7.2 no lleva correctamente el certificado específico X.509 que un usuario manualmente ha aceptado para una conexión inicial http... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 7%CPEs: 136EXPL: 0CVE-2011-3221 – Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3221
14 Oct 2011 — QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. QuickTime en Apple Mac OS X anterior a v10.7.2 no controla correctamente la jerarquía de atom en los archivos de películas, permitiendo a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo especialmente diseñad... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-0185
https://notcve.org/view.php?id=CVE-2011-0185
14 Oct 2011 — Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. Vulnerabilidad de formato de cadena en la funcionalidad debug-logging en el Firewall de Aplicación en Apple Mac OS X anteriores a v10.7.2 que permite a usuarios locales conseguir privilegios a través de un nombre de archivo ejecutable manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 132EXPL: 0CVE-2011-3214
https://notcve.org/view.php?id=CVE-2011-3214
14 Oct 2011 — IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. IOGraphics en Apple Mac OS X hasta v10.6.8 no maneja adecuadamente un estado de pantalla bloquedad en modo sleep para un Apple Cinema Display, lo que permite a atacantes próximos físicamente evitar los requerimientos de contraseña a través de vectores no especificad... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3215
https://notcve.org/view.php?id=CVE-2011-3215
14 Oct 2011 — The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. El Kernel en Apple Mac OS X anterior a v10.7.2 no previene adecuadamente FireWire DMA en ausencia de login, lo que permite a atacantes físicamente próximos evitar las restricciones de acceso y descubrir una contrase... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3225
https://notcve.org/view.php?id=CVE-2011-3225
14 Oct 2011 — The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. El componente SMB File Server en Apple Mac OS X v10.7 antes de v10.7.2 no impide que todos los usuarios invitados accedan al registro de punto de uso compartido de una carpeta de invitados restringida, lo que permite a atacantes ... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0260
https://notcve.org/view.php?id=CVE-2011-0260
14 Oct 2011 — The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window. El componente CoreProcesses en Apple Mac OS X v10.7 anterior a v10.7.2 no previene un sistema de ventana que recibe pulsaciones en el estado de bloqueo de pantalla, lo que podría permite a atacantes físicamente próximos evitar las restricciones... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3226
https://notcve.org/view.php?id=CVE-2011-3226
14 Oct 2011 — Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. Open Directory de Apple Mac OS X v10.7 antes de v10.7.2, cuando un servidor LDAPv3 se utiliza con el RFC 2307 o asignaciones personalizadas, permite a atacantes remotos evitar el requisito de contraseña mediante el aprovechamiento de la falta de un atributo... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •