CVSS: 6.1EPSS: 0%CPEs: 132EXPL: 0CVE-2011-3214 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-3214
13 Oct 2011 — IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. IOGraphics en Apple Mac OS X hasta v10.6.8 no maneja adecuadamente un estado de pantalla bloquedad en modo sleep para un Apple Cinema Display, lo que permite a atacantes próximos físicamente evitar los requerimientos de contraseña a través de vectores no especificad... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3213 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-3213
13 Oct 2011 — The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. El componente File Systems en Apple Mac OS X anterior a v10.7.2 no lleva correctamente el certificado específico X.509 que un usuario manualmente ha aceptado para una conexión inicial http... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 132EXPL: 0CVE-2011-3218 – Apple Security Advisory 2011-10-26-1
https://notcve.org/view.php?id=CVE-2011-3218
13 Oct 2011 — The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. La selección "Save for Web" en QuickTime Player de Apple Mac OS X v10.6.8 a través de las exportaciones de los documentos HTML que contienen un enlace http a un archivo de comandos, permite a atacantes ... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-0185 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0185
13 Oct 2011 — Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. Vulnerabilidad de formato de cadena en la funcionalidad debug-logging en el Firewall de Aplicación en Apple Mac OS X anteriores a v10.7.2 que permite a usuarios locales conseguir privilegios a través de un nombre de archivo ejecutable manipulado. OS X Lion has a security update available that addresses findings in Apa... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3215 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-3215
13 Oct 2011 — The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. El Kernel en Apple Mac OS X anterior a v10.7.2 no previene adecuadamente FireWire DMA en ausencia de login, lo que permite a atacantes físicamente próximos evitar las restricciones de acceso y descubrir una contrase... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 136EXPL: 0CVE-2011-3222 – Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3222
13 Oct 2011 — Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Desbordamiento de búfer basado en pila en Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código de su elección a través o causar una denegación de servicio (caída de la aplicación) mediante un fichero FlashPix manipulado This vulnerability allows remote attackers to execute arbitrary code on vulner... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 136EXPL: 0CVE-2011-3228 – Apple Security Advisory 2011-10-26-1
https://notcve.org/view.php?id=CVE-2011-3228
13 Oct 2011 — QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. QuickTime en Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo de película especialmente diseñado OS X Lion has a security update available that addresses findings in Apache, a fo... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3220 – Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3220
13 Oct 2011 — QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. QuickTime en Apple Mac OS X anterior a v10.7.2 no procesa correctamente los datos de los manipuladores URL de los archivos de película, lo que permite a atacantes remotos obtener información sensible desde memoria no inicializada mediante un fichero especialmente diseñado. This vulnerability... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 132EXPL: 1CVE-2011-3224 – Mac App Store Man-In-The-Middle / Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-3224
13 Oct 2011 — The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. El componente User Documentation en Apple Mac OS X hasta v10.6.8 usa sesiones http para las actualizaciones a información de ayuda de la APP Store, permitiendo a atacantes de "hombre en medio" ejecutar código arbitrario mediante la suplantación de un servidor http. OS X Lion has a securi... • https://packetstorm.news/files/id/105826 •
CVSS: 8.8EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3227 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-3227
13 Oct 2011 — libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. libsecurity en Apple Mac OS X antes de v10.7.2 no controla correctamente los errores durante el procesamiento de una extensión no estándar en la lista de certificados revocados (CRL), lo que permite a... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-20: Improper Input Validation •