CVSS: 2.1EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0657
https://notcve.org/view.php?id=CVE-2012-0657
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. Quartz Composer en Apple Mac OS X antes de v10.7.4, cuando el salvapantallas RSS Visualizer está activado, permite a atacantes físicamente próximos eludir el bloqueo de pantalla y poner en marcha un proceso de Safari a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53473 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 2%CPEs: 140EXPL: 0CVE-2012-0658
https://notcve.org/view.php?id=CVE-2012-0658
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. Desbordamiento de búffer en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de tablas de muestra de audio en un archivo de película que es descargado progresivamente. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5261 http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53465 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0652
https://notcve.org/view.php?id=CVE-2012-0652
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. La ventana de acceso en Apple Mac OS X v10.7.3, cuando Legacy File Vault o cuando los directorios home en red red están habilitados, no restringe adecuadamente lo que se escribe en el registro del sistema para las conexiones de red, que permite a usuarios locales obtener información sensible mediante la lectura del registro. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5281 http://support.apple.com/kb/HT5501 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53457 http://www.securitytracker.com/id?1027024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0651
https://notcve.org/view.php?id=CVE-2012-0651
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. El servidor de directorios en el servicio de directorio de Apple Mac OS X v10.6.8 permite a atacantes remotos obtener información sensible de la memoria del proceso a través de un mensaje manipulado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53458 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0656
https://notcve.org/view.php?id=CVE-2012-0656
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. Condición de carrera en LoginUIFramework de Apple Mac OS X 10.7.x anteriores a 10.7.4, si la cuenta "Guest" (Invitado) está habilitada, permite a atacantes con acceso físico iniciar sesión con credenciales arbitrarias introduciendo un nombre de usuario y ninguna contraseña. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://support.apple.com/kb/HT5281 http://www.securityfocus.com/bid/53445 http://www.securityfocus.com/bid/53459 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •