CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 1CVE-2011-0182 – Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)
https://notcve.org/view.php?id=CVE-2011-0182
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. La llamada al sistema i386_set_ldt en el núcleo en Apple Mac OS X antes de v10.6.7 no controla correctamente las puertas de llamadas "call gates", que permite a usuarios locales conseguir privilegios a través de vectores que implican la creación de una puerta de entrada de llamadas. • https://www.exploit-db.com/exploits/17901 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://securityreason.com/securityalert/8402 http://support.apple.com/kb/HT4581 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 2%CPEs: 38EXPL: 0CVE-2011-0188 – ruby: memory corruption in BigDecimal on 64bit platforms
https://notcve.org/view.php?id=CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." La función VpMemAlloc en bigdecimal.c en la clase BigDecimal en Ruby v1.9.2-P136 y anteriores, tal como se utiliza en Apple Mac OS X antes de vv10.6.7 y en otras plataformas, no asigna memoria adecuadamente, lo que permite a atacantes dependientes de contexto ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores que impliquen la creación de un valor BigDecimal grande dentro de un proceso de 64 bits, relacionado con un "fallo de truncado de entero". • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://www.redhat.com/support/ • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0174
https://notcve.org/view.php?id=CVE-2011-0174
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. Desbordamiento de búfer en memoria dinámica en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente OpenType manipulada. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0187
https://notcve.org/view.php?id=CVE-2011-0187
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. La extensión de QuickTime en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos evitar la política del mismo origen y obtener datos de video potencialmente sensibles a través de vectores que implican redirección de sitios cruzados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0CVE-2011-0186
https://notcve.org/view.php?id=CVE-2011-0186
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. QuickTime en Apple Mac OS X anterior a v10.6.7 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) a través de una imagen JPEG2000 manipulada • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •