CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2013-0973
https://notcve.org/view.php?id=CVE-2013-0973
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. Software Update en Apple Mac OS X hasta v10.7.5 no impide que la carga de complementos en el marketing-text WebView, permitiendo que atacantes de hombre en medio (man-in-the-middle) ejecuten código del plugin mediante la modificación del flujo de datos cliente-servidor. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html •
CVSS: 4.6EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3723
https://notcve.org/view.php?id=CVE-2012-3723
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. Apple Mac OS X anterior a v10.7.5 no controla correctamente el campo bNbrPorts de un descriptor de un concentrador USB, lo que permite a atacantes físicamente próximos a ejecutar código o provocar una denegación de servicio (corrupción de memoria y caída del sistema) conectando un dispositivo USB. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2012-3716
https://notcve.org/view.php?id=CVE-2012-3716
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. CoreText en Apple Mac OS X v10.7.x anteriores a v10.7.5 permite a atacantes remotos a ejecutar código o provocar una denegación de servicio (escritura o lectura fuera del límite) a través de una texto glyph manipulado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2012-3719
https://notcve.org/view.php?id=CVE-2012-3719
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. La app Mail en Apple Mac OS X antes de v10.7.5 no maneja correctamente los plugins web, lo que permite a atacantes remotos ejecutar código de su elección a través de un mensaje de correo electrónico que activa la carga de un plugin de terceros. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78751 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 144EXPL: 0CVE-2012-3718
https://notcve.org/view.php?id=CVE-2012-3718
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. Apple Mac OS X v10.7.5 y v10.8.x antes de v10.8.2 permite a usuarios locales leer contraseñas introducidas en las ventana LoginWindow (Es decir la ventana de inicio) o "Unlock Screensaver" mediante la instalación de un método de entrada de pulsaciones que intercepta las pulsaciones del teclado. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://osvdb.org/85647 http://support.apple.com/kb/HT5501 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •