CVSS: 5.0EPSS: 0%CPEs: 172EXPL: 0CVE-2012-0841 – libxml2: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0841
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. libxml2 v2.8.0 y anteriores calcula los valores de hash sin restringir la capacidad de provocar colisiones hash predecibles, lo que permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU) a través datos XML modificados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846 http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2012-0324.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://secunia.com/advisories/54 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 4.3EPSS: 0%CPEs: 93EXPL: 0CVE-2011-3441
https://notcve.org/view.php?id=CVE-2011-3441
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. Libinfo en Apple iOS anterior a v5.0.1 no formula correctamente las preguntas de nombres de dominio, lo que permite a atacantes remotos obtener información sensible a través de un nombre de host DNS manipulado. • http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5052 http://support.apple.com/kb/HT5130 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.2EPSS: 0%CPEs: 43EXPL: 0CVE-2011-3440
https://notcve.org/view.php?id=CVE-2011-3440
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. La función Passcode Lock en Apple iOS anterior a v5.0.1 en el iPad 2 no aplica correctamente el estado de bloqueo, lo que permite a atacantes físicamente próximos a acceder a los datos mediante la apertura de un Smart Cover durante el apagado de confirmación. • http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html http://support.apple.com/kb/HT5052 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0CVE-2011-3243
https://notcve.org/view.php?id=CVE-2011-3243
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit, como se utiliza en Apple iOS antes de v5 y Safari antes de v5.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican ventanas DOM inactivas. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76353 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50088 https://exchange.xforce.ibmcloud.com/vulnerabilities/70564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2011-0228
https://notcve.org/view.php?id=CVE-2011-0228
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. El componente Data Security de Apple iOS antes de v4.2.10 y v4.3.x antes de v4.3.5 no comprueba el parámetro basicConstraints durante la validación de cadenas de certificados X.509, lo que permite a atacantes man-in-the-middle, falsificar un servidor SSL mediante un certificado no-CA y firmar un certificado para un dominio de su elección. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html http://secunia.com/advisories/45369 http://securityreason.com/securityalert/8361 http://securitytracker.com/id?1025837 http://support.apple.com/kb/HT4824 http://support.apple.com/kb/HT4825 http://www.securityfocus.com/archive/1/518982/100/0/threaded http://www.securityfocus.com/bid/48877 https://www.trustwave.com/spiderlabs/advisor • CWE-20: Improper Input Validation •