CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2011-3422
https://notcve.org/view.php?id=CVE-2011-3422
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. La implementación del Keychain en Apple Mac OS X v10.6.8 y anteriores no controla correctamente un atributo, no es de confianza un certificado de una autoridad de certificación, lo que hace que sea más fácil para atacantes man-in-the-middle falsificar servidores SSL arbitrario a través de un certificado de validación extendida, como lo demuestra el acceso https con Safari. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates http://www.securityfocus.com/bid/49429 http://www.securitytracker.com/id?1026002 https://exchange.xforce.ibmcloud.com/vulnerabilities/69556 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2011-2821 – libxml2: double free caused by malformed XPath expression in XSLT
https://notcve.org/view.php?id=CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. Doble vulnerabilidad libre en libxml2, como se usa en Google Chrome antes de v13.0.782.215, permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de una expresión XPath manipulada. • http://code.google.com/p/chromium/issues/detail?id=89402 http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-0217.html http://support.apple.com/kb/HT5281 http://support.apple.com/kb/HT5503 http:&#x • CWE-415: Double Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2009-5078
https://notcve.org/view.php?id=CVE-2009-5078
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 lanza el programa Ghostscript sin la opcion -dSAFER, lo que permite a usuarios remotos crear, sobrescribir, renombrar o eliminar archivos de su elección a través de un documento manipulado. • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://openwall.com/lists/oss-security/2009/08/09/1 http://openwall.com/lists/oss-security/2009/08/10/2 http://www.securityfocus.com/bid/36381 https://support.apple.com/kb/HT205031 • CWE-254: 7PK - Security Features •
CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-5044
https://notcve.org/view.php?id=CVE-2009-5044
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 permite sobreescribir ficheros de su elección a los usuarios locales a través de un ataque de enlace simbólico sobre un fichero temporal pdf#####.tmp . • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://openwall.com/lists/oss-security/2009/08/09/1 http://ope • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar por clientes legitimos a servidores remotos a través de peticiones GSSAPI. • http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html http://secunia.com/advisories/45047 http://secunia.com/advisories/45067 http://secunia.com/advisories/45088 http://secunia.com/advisories/45144 http://secunia.com/ • CWE-255: Credentials Management Errors •