CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4406
https://notcve.org/view.php?id=CVE-2014-4406
Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Xcode Server en CoreCollaboration en Apple OS X Server anterior a 3.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://secunia.com/advisories/61307 http://support.apple.com/kb/HT6448 http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html http://www.securityfocus.com/bid/69935 http://www.securitytracker.com/id/1030870 https://exchange.xforce.ibmcloud.com/vulnerabilities/96047 https://support.apple.com/kb/HT6536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5143
https://notcve.org/view.php?id=CVE-2013-5143
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. El servicio RADIUS de Server App en Apple OS X Server anteriores a 3.0 selecciona un X.509 de reserva en circunstancias no especificadas, lo que prodría permitir a atacantes man-in-the-middle secuestrar las sesiones RADIUS aprovechando el conocimiento de la clave privada de este certificado de reserva. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1034
https://notcve.org/view.php?id=CVE-2013-1034
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades XSS en Wiki Server de Apple Mac OS X Server anterior a la versión 2.2.2 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://support.apple.com/kb/HT5892 http://www.cloudscan.me/2013/09/cve-2013-1034-stored-xss-xxe-os-x.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo tipo "movie" especialmente manipulado codificado con Sorenson. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78715 • CWE-399: Resource Management Errors •
CVSS: 9.7EPSS: 22%CPEs: 44EXPL: 0CVE-2011-1417 – Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1417
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Un desbordamiento de enteros en QuickLook, tal y como es usado en Mac OS X anterior a versión 10.6.7 y MobileSafari en iOS anterior a versión 4.2.7 y versiones 4.3.x anteriores a 4.3.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de un documento de Microsoft Office con un campo de tamaño diseñado en OfficeArtMetafileHeader, relacionado a OfficeArtBlip, como es demostrado en el iPhone por Charlie Miller y Dion Blazakis durante una competencia de Pwn2Own en CanSecWest 2011. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00005.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://secunia.com/advisories/44154 http://support.apple.com/kb/HT4581 http://support.apple.com/kb/HT4607 http://support& • CWE-189: Numeric Errors •