CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0966
https://notcve.org/view.php?id=CVE-2013-0966
15 Mar 2013 — The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. El módulo mod_hfs_apple de Apple para el Servidor Apache HTTP en Apple Mac OS X anterior a v10.8.3 no controla correctamente caracteres Unicode, lo que permite a atacantes remotos eludir requisitos de autenticación de directorio a través de una ru... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2013-0973
https://notcve.org/view.php?id=CVE-2013-0973
15 Mar 2013 — Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. Software Update en Apple Mac OS X hasta v10.7.5 no impide que la carga de complementos en el marketing-text WebView, permitiendo que atacantes de hombre en medio (man-in-the-middle) ejecuten código del plugin mediante la modificación del flujo de datos cliente-servidor. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0971 – Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0971
15 Mar 2013 — Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. Vulnerabilidad de uso después de la liberación en PDFKit en Apple Mac OS X anterior a v10.8.3, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de anotaciones manuscritas elaboradas en un documento PDF. This... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0967
https://notcve.org/view.php?id=CVE-2013-0967
15 Mar 2013 — CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. CoreTypes en Apple Mac OS X anterior a v10.8.3 incluye archivos JNLP en la lista de tipos de archivo de seguridad, permitiendo a atacantes remotos evitar un complemento de Java deshabilitando la configuración y desencadenar la ejecución de aplicaciones Java Web Star... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3489 – postgresql: File disclosure through XXE in xmlparse by DTD validation
https://notcve.org/view.php?id=CVE-2012-3489
03 Oct 2012 — The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. La función xml_parse en el soporte libxml2 en el componente de servidor cen... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 1CVE-2012-3716
https://notcve.org/view.php?id=CVE-2012-3716
20 Sep 2012 — CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. CoreText en Apple Mac OS X v10.7.x anteriores a v10.7.5 permite a atacantes remotos a ejecutar código o provocar una denegación de servicio (escritura o lectura fuera del límite) a través de una texto glyph manipulado. • https://github.com/d4rkcat/killosx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3723
https://notcve.org/view.php?id=CVE-2012-3723
20 Sep 2012 — Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y c... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
20 Sep 2012 — The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 144EXPL: 0CVE-2012-3718
https://notcve.org/view.php?id=CVE-2012-3718
20 Sep 2012 — Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. Apple Mac OS X v10.7.5 y v10.8.x antes de v10.8.2 permite a usuarios locales leer contraseñas introducidas en las ventana LoginWindow (Es decir la ventana de inicio) o "Unlock Screensaver" mediante la instalación de un método de entrada de pulsaciones que intercepta las pulsaciones del teclado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 7%CPEs: 126EXPL: 0CVE-2012-0650 – Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0650
20 Sep 2012 — Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Un desbordamiento de búfer en el Proxy DirectoryService en DirectoryService en Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores no especificados. This vulnerability... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •