![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-3719
https://notcve.org/view.php?id=CVE-2012-3719
20 Sep 2012 — Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. La app Mail en Apple Mac OS X antes de v10.7.5 no maneja correctamente los plugins web, lo que permite a atacantes remotos ejecutar código de su elección a través de un mensaje de correo electrónico que activa la carga de un plugin de terceros. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html • CWE-20: Improper Input Validation •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0657
https://notcve.org/view.php?id=CVE-2012-0657
11 May 2012 — Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. Quartz Composer en Apple Mac OS X antes de v10.7.4, cuando el salvapantallas RSS Visualizer está activado, permite a atacantes físicamente próximos eludir el bloqueo de pantalla y poner en marcha un proceso de Safari a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0654
https://notcve.org/view.php?id=CVE-2012-0654
11 May 2012 — libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. libsecurity en Apple Mac OS X antes de v10.7.4 acceda a posiciones de memoria sin inicializar durante la tramitación de los certificados X.509, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0662 – Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0662
11 May 2012 — Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. Desbordamiento de entero en el Security Framework en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una entrada modificada. This vulnerability allows remote attack... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-189: Numeric Errors •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0649
https://notcve.org/view.php?id=CVE-2012-0649
11 May 2012 — Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Condición de carrera en la rutina de inicialización en el Bluetooth en Apple Mac OS X antes de v10.7.4 permite a usuarios locales conseguir privilegios a través de vectores relacionados con un archivo temporal. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0651
https://notcve.org/view.php?id=CVE-2012-0651
11 May 2012 — The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. El servidor de directorios en el servicio de directorio de Apple Mac OS X v10.6.8 permite a atacantes remotos obtener información sensible de la memoria del proceso a través de un mensaje manipulado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0659 – Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0659
11 May 2012 — Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Desbordamiento de entero en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo MPEG modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-189: Numeric Errors •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0675
https://notcve.org/view.php?id=CVE-2012-0675
11 May 2012 — Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. Time Machine de Apple Mac OS X antes de v10.7.4 no requiere el uso continuo de la autenticación basada en SRP después de este método de autenticación que haya utilizado por primera vez, lo que permite a atacantes remotos leer las credenciales de la Time Capsule por ... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-287: Improper Authentication •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0655
https://notcve.org/view.php?id=CVE-2012-0655
11 May 2012 — libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. libsecurity en Apple Mac OS X anteriores a 10.7.4 no restringe apropiadamente la longitud de las claves RSA de certificados X.509, lo que facilita a atacantes remotos evitar los mecanismos de pr... • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-310: Cryptographic Issues •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2012-0660
https://notcve.org/view.php?id=CVE-2012-0660
11 May 2012 — Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Desbordamiento de búfer en QuickTime en Apple Mac OS X antes de v10.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo MPEG modificado. • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •