CVSS: 4.6EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3723
https://notcve.org/view.php?id=CVE-2012-3723
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y caída del sistema) conectando un dispositivo USB. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3719
https://notcve.org/view.php?id=CVE-2012-3719
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. La app Mail en Apple Mac OS X antes de v10.7.5 no maneja correctamente los plugins web, lo que permite a atacantes remotos ejecutar código de su elección a través de un mensaje de correo electrónico que activa la carga de un plugin de terceros. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78751 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 144EXPL: 0CVE-2012-3718
https://notcve.org/view.php?id=CVE-2012-3718
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. Apple Mac OS X v10.7.5 y v10.8.x antes de v10.8.2 permite a usuarios locales leer contraseñas introducidas en las ventana LoginWindow (Es decir la ventana de inicio) o "Unlock Screensaver" mediante la instalación de un método de entrada de pulsaciones que intercepta las pulsaciones del teclado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://osvdb.org/85647 http://support.apple.com/kb/HT5501 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 182EXPL: 0CVE-2012-3722
https://notcve.org/view.php?id=CVE-2012-3722
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. El codec Sorenson en QuickTime en Apple Mac OS X anterior a v10.7.5, y en CoreMedia en iOS anterior a v6, accede a regiones de memoria no inicializadas, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo tipo "movie" especialmente manipulado codificado con Sorenson. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78715 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 61%CPEs: 126EXPL: 0CVE-2012-0650 – Apple Mac OS X DirectoryService SwapProxyMessage Unchecked objOffset Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0650
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Un desbordamiento de búfer en el Proxy DirectoryService en DirectoryService en Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP port 625 by default on Mac OSX Server pre 10.7. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •