CVSS: 6.8EPSS: 1%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo tipo "movie" especialmente manipulado codificado con Sorenson. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78715 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 93%CPEs: 99EXPL: 1CVE-2011-3230 – Apple Safari - 'file://' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2011-3230
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Apple Safari anterior a v5.1.1 en Mac OS X no aplica una política destinada a archivo: URLs, que permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado. Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code. • https://www.exploit-db.com/exploits/17986 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76389 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50162 https://exchange.xforce.ibmcloud.com/vulnerabilities/70567 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0CVE-2011-3242
https://notcve.org/view.php?id=CVE-2011-3242
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. La característica de navegación privada en Apple Safari antes de v5.1.1 en Mac OS X no reconoce adecuadamente el valor "Always" de la caracteristica "Block Cookies", lo que hace más sencillo para servidores remotos localizar a usuarios a través de una cookie. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76391 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70569 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 99EXPL: 0CVE-2011-3231
https://notcve.org/view.php?id=CVE-2011-3231
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. La implementación SSL en Apple Safari anterior a v5.1.1 en MAC OS X anterior a v10.7 accede a memoria no inicializada durante el procesamiento de certificados X.509, permitiendo a servidores web remotos ejecutar código arbitrario mediante una certificado manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76390 http://support.apple.com/kb/HT5000 https://exchange.xforce.ibmcloud.com/vulnerabilities/70568 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 20%CPEs: 79EXPL: 0CVE-2011-0255 – Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0255
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit, empleado en Safari anterior a v5.0.6, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de APPLE-SA-2011-07-20-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://support.apple.com/kb/HT4808 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •