CVE-2011-0234 – Webkit Detached Body Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0234
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application manages a reference to an anonymous block located near a particular element within the document. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0182 – Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)
https://notcve.org/view.php?id=CVE-2011-0182
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. La llamada al sistema i386_set_ldt en el núcleo en Apple Mac OS X antes de v10.6.7 no controla correctamente las puertas de llamadas "call gates", que permite a usuarios locales conseguir privilegios a través de vectores que implican la creación de una puerta de entrada de llamadas. • https://www.exploit-db.com/exploits/17901 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://securityreason.com/securityalert/8402 http://support.apple.com/kb/HT4581 • CWE-20: Improper Input Validation •
CVE-2011-0184
https://notcve.org/view.php?id=CVE-2011-0184
QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes. QuickLook en Mac OS X de Apple versiones 10.6 anteriores a 10.6.7, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de una hoja de cálculo de Excel con una fórmula especialmente diseñada que usa códigos de operación no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=898 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0186
https://notcve.org/view.php?id=CVE-2011-0186
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. QuickTime en Apple Mac OS X anterior a v10.6.7 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) a través de una imagen JPEG2000 manipulada • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0187
https://notcve.org/view.php?id=CVE-2011-0187
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. La extensión de QuickTime en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos evitar la política del mismo origen y obtener datos de video potencialmente sensibles a través de vectores que implican redirección de sitios cruzados. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •