CVE-2012-0649
https://notcve.org/view.php?id=CVE-2012-0649
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Condición de carrera en la rutina de inicialización en el Bluetooth en Apple Mac OS X antes de v10.7.4 permite a usuarios locales conseguir privilegios a través de vectores relacionados con un archivo temporal. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53456 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2012-0654
https://notcve.org/view.php?id=CVE-2012-0654
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. libsecurity en Apple Mac OS X antes de v10.7.4 acceda a posiciones de memoria sin inicializar durante la tramitación de los certificados X.509, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un certificado modificado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53471 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0658
https://notcve.org/view.php?id=CVE-2012-0658
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. Desbordamiento de búffer en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de tablas de muestra de audio en un archivo de película que es descargado progresivamente. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53465 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0655
https://notcve.org/view.php?id=CVE-2012-0655
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. libsecurity en Apple Mac OS X anteriores a 10.7.4 no restringe apropiadamente la longitud de las claves RSA de certificados X.509, lo que facilita a atacantes remotos evitar los mecanismos de protección criptográfica realizando un ataque de suplantación de identidad ("spoofing") o de captura del tráfico de red ("network-sniffing") durante la comunicación con una página web que utiliza una clave de poca longitud. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53462 • CWE-310: Cryptographic Issues •
CVE-2012-0657
https://notcve.org/view.php?id=CVE-2012-0657
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. Quartz Composer en Apple Mac OS X antes de v10.7.4, cuando el salvapantallas RSS Visualizer está activado, permite a atacantes físicamente próximos eludir el bloqueo de pantalla y poner en marcha un proceso de Safari a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53473 • CWE-264: Permissions, Privileges, and Access Controls •