CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0CVE-2011-0186
https://notcve.org/view.php?id=CVE-2011-0186
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. QuickTime en Apple Mac OS X anterior a v10.6.7 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) a través de una imagen JPEG2000 manipulada • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0190
https://notcve.org/view.php?id=CVE-2011-0190
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. Install Helper en Installer de Apple Mac OS X antes de v10.6.7, no procesa correctamente una dirección URL no especificada, lo que podría permitir a atacantes remotos rastrear los inicios de sesión de usuario grabando el tráfico de la red con un agente que intenta enviar tráfico de red a un servidor de Apple. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0173
https://notcve.org/view.php?id=CVE-2011-0173
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Múltiples vulnerabilidades de formato de cadenas en AppleScript en Apple Mac OS X antes de v10.6.7 permite a atacantes dependientes de contexto ejecutar código de su elección o causar una denegación de servicio (solicitud de bloqueo) a través de especificadores de formato de cadena en (1) pantalla de diálogo o (2) comando de alerta en un cuadro de diálogo en una aplicación AppleScript Studio. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 1CVE-2011-0180 – Apple Mac OSX 10.6.x - HFS Subsystem Information Disclosure
https://notcve.org/view.php?id=CVE-2011-0180
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. Desbordamiento de enteros en HFS en Apple Mac OS X antes de v10.6.7 permite a usuarios locales leer archivos (1) HFS, (2) HFS +, o (3) HFS + J por medio de una llamada F_READBOOTSTRAP ioctl manipulada. • https://www.exploit-db.com/exploits/35488 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 3%CPEs: 14EXPL: 0CVE-2011-0176 – Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0176
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. Múltiples desbordamientos de búfer en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente de tipo 1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mac OS X's CFF Decoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the Type1Scaler library processes a specially formatted compact font file. When processing this file, the application will corrupt memory outside the bounds of an allocated buffer. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •