CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3447
https://notcve.org/view.php?id=CVE-2011-3447
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. CFNetwork en Apple Mac OS X v10.7.x anterior a v10.7.3 no construyen correctamente las cabeceras de solicitud durante el análisis de URL, que permite a atacantes remotos obtener información sensible a través de una dirección URL incorrecta. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 24EXPL: 0CVE-2011-3459 – Apple Quicktime Dataref URI Buffer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3459
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow. Error de superación de límite (off-by-one) en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un átomo rdrf manipulado en un archivo de película que provoca un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5261 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3462
https://notcve.org/view.php?id=CVE-2011-3462
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. La aplicación Time Machine en Apple Mac OS X antes de v10.7.3 no comprueba remotamente el identificador único del volumen AFP o de la Capsula de Tiempo (Time Capsule), lo que permite a atacantes remotos obtener información sensible contenida en nuevas copias de seguridad por suplantación de este objeto de almacenamiento. Se trata de una vulnerabilidad diferente a la CVE-2010-1803. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3450
https://notcve.org/view.php?id=CVE-2011-3450
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL. CoreUI en Apple Mac OS X v10.7.x antes de v10.7.3 no restringe adecuadamente la asignación de memoria de la pila, lo que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (consumo de memoria y caída de la aplicación) a través de una URL demasiado larga. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 6%CPEs: 24EXPL: 0CVE-2011-3460 – Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3460
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. Desbordamiento de búfer en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de un archivo PNG manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5261 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •