CVSS: 6.1EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3215 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-3215
13 Oct 2011 — The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. El Kernel en Apple Mac OS X anterior a v10.7.2 no previene adecuadamente FireWire DMA en ausencia de login, lo que permite a atacantes físicamente próximos evitar las restricciones de acceso y descubrir una contrase... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 132EXPL: 0CVE-2011-0224 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0224
13 Oct 2011 — CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. CoreMedia en Apple Mac OS X v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de un archivo de película QuickTime manipulado. OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Applicat... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 72%CPEs: 99EXPL: 3CVE-2011-3230 – Apple Safari - 'file://' Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2011-3230
13 Oct 2011 — Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Apple Safari anterior a v5.1.1 en Mac OS X no aplica una política destinada a archivo: URLs, que permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado. Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vu... • https://packetstorm.news/files/id/105827 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3220 – Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3220
13 Oct 2011 — QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. QuickTime en Apple Mac OS X anterior a v10.7.2 no procesa correctamente los datos de los manipuladores URL de los archivos de película, lo que permite a atacantes remotos obtener información sensible desde memoria no inicializada mediante un fichero especialmente diseñado. This vulnerability... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 136EXPL: 0CVE-2011-3221 – Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3221
13 Oct 2011 — QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. QuickTime en Apple Mac OS X anterior a v10.7.2 no controla correctamente la jerarquía de atom en los archivos de películas, permitiendo a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo especialmente diseñad... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 2%CPEs: 136EXPL: 0CVE-2011-3222 – Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3222
13 Oct 2011 — Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Desbordamiento de búfer basado en pila en Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código de su elección a través o causar una denegación de servicio (caída de la aplicación) mediante un fichero FlashPix manipulado This vulnerability allows remote attackers to execute arbitrary code on vulner... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 2%CPEs: 136EXPL: 0CVE-2011-3223 – Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3223
13 Oct 2011 — Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. Desbordamiento de búfer basado en pila en QuickTime in Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) mediante un fichero de película FLIC manipulado. This vulnerability allows remote attackers to execute arbitrary... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2011-3422 – Apple Security Advisory 2012-02-01-1
https://notcve.org/view.php?id=CVE-2011-3422
10 Sep 2011 — The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. La implementación del Keychain en Apple Mac OS X v10.6.8 y anteriores no controla correctamente un atributo, no es de confianza un certificado de una autoridad de certificación, lo que ha... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
17 Jun 2011 — jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documen... • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0174
https://notcve.org/view.php?id=CVE-2011-0174
23 Mar 2011 — Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. Desbordamiento de búfer en memoria dinámica en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente OpenType manipulada. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •