CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2013-0973
https://notcve.org/view.php?id=CVE-2013-0973
15 Mar 2013 — Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. Software Update en Apple Mac OS X hasta v10.7.5 no impide que la carga de complementos en el marketing-text WebView, permitiendo que atacantes de hombre en medio (man-in-the-middle) ejecuten código del plugin mediante la modificación del flujo de datos cliente-servidor. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •
CVSS: 6.5EPSS: 1%CPEs: 22EXPL: 0CVE-2012-3489 – postgresql: File disclosure through XXE in xmlparse by DTD validation
https://notcve.org/view.php?id=CVE-2012-3489
03 Oct 2012 — The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. La función xml_parse en el soporte libxml2 en el componente de servidor cen... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 17%CPEs: 10EXPL: 1CVE-2012-3716
https://notcve.org/view.php?id=CVE-2012-3716
20 Sep 2012 — CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. CoreText en Apple Mac OS X v10.7.x anteriores a v10.7.5 permite a atacantes remotos a ejecutar código o provocar una denegación de servicio (escritura o lectura fuera del límite) a través de una texto glyph manipulado. • https://github.com/d4rkcat/killosx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 144EXPL: 0CVE-2012-3718
https://notcve.org/view.php?id=CVE-2012-3718
20 Sep 2012 — Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. Apple Mac OS X v10.7.5 y v10.8.x antes de v10.8.2 permite a usuarios locales leer contraseñas introducidas en las ventana LoginWindow (Es decir la ventana de inicio) o "Unlock Screensaver" mediante la instalación de un método de entrada de pulsaciones que intercepta las pulsaciones del teclado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3719
https://notcve.org/view.php?id=CVE-2012-3719
20 Sep 2012 — Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. La app Mail en Apple Mac OS X antes de v10.7.5 no maneja correctamente los plugins web, lo que permite a atacantes remotos ejecutar código de su elección a través de un mensaje de correo electrónico que activa la carga de un plugin de terceros. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
20 Sep 2012 — The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3723
https://notcve.org/view.php?id=CVE-2012-3723
20 Sep 2012 — Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y c... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0649
https://notcve.org/view.php?id=CVE-2012-0649
11 May 2012 — Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Condición de carrera en la rutina de inicialización en el Bluetooth en Apple Mac OS X antes de v10.7.4 permite a usuarios locales conseguir privilegios a través de vectores relacionados con un archivo temporal. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0654
https://notcve.org/view.php?id=CVE-2012-0654
11 May 2012 — libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. libsecurity en Apple Mac OS X antes de v10.7.4 acceda a posiciones de memoria sin inicializar durante la tramitación de los certificados X.509, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0655
https://notcve.org/view.php?id=CVE-2012-0655
11 May 2012 — libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. libsecurity en Apple Mac OS X anteriores a 10.7.4 no restringe apropiadamente la longitud de las claves RSA de certificados X.509, lo que facilita a atacantes remotos evitar los mecanismos de pr... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-310: Cryptographic Issues •