
CVE-2011-3242 – Apple Security Advisory 2011-10-12-4
https://notcve.org/view.php?id=CVE-2011-3242
13 Oct 2011 — The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. La característica de navegación privada en Apple Safari antes de v5.1.1 en Mac OS X no reconoce adecuadamente el valor "Always" de la caracteristica "Block Cookies", lo que hace más sencillo para servidores remotos localizar a usuarios a través de una cookie. Safari version 5.1.1 is now avail... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-0185 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0185
13 Oct 2011 — Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. Vulnerabilidad de formato de cadena en la funcionalidad debug-logging en el Firewall de Aplicación en Apple Mac OS X anteriores a v10.7.2 que permite a usuarios locales conseguir privilegios a través de un nombre de archivo ejecutable manipulado. OS X Lion has a security update available that addresses findings in Apa... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-134: Use of Externally-Controlled Format String •

CVE-2011-0224 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0224
13 Oct 2011 — CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. CoreMedia en Apple Mac OS X v10.6.8 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de un archivo de película QuickTime manipulado. OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Applicat... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2011-0229 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0229
13 Oct 2011 — Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. Apple Type Services (ATS) en Apple Mac OS X v10.6.8 no maneja adecuadamente fuentes incrustadas de Tipo 1, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento manipulado que provoca un acceso a memoria con desbordamiento. OS X Lion has a sec... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-0230 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0230
13 Oct 2011 — Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer en la API de ATSFontDeactivate en Apple Type Services (ATS) en Apple Mac OS X v10.7.2 y anteriores que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores no especificados.... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-0231 – Apple Security Advisory 2011-10-12-3
https://notcve.org/view.php?id=CVE-2011-0231
13 Oct 2011 — CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." CFNetwork en Apple Mac OS X v10.7.2 no aplica de forma adecuada la política de almacenamiento de cookies, lo que hace que sea fácil para servidores Web remotos rastrear a los usuarios a través de una cookie, en relación con un "problema de sincronización". OS X Lion has a security update available... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-3230 – Apple Safari file:// Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2011-3230
13 Oct 2011 — Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Apple Safari anterior a v5.1.1 en Mac OS X no aplica una política destinada a archivo: URLs, que permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado. Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vu... • https://packetstorm.news/files/id/105827 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2011-3422 – Apple Security Advisory 2012-02-01-1
https://notcve.org/view.php?id=CVE-2011-3422
10 Sep 2011 — The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. La implementación del Keychain en Apple Mac OS X v10.6.8 y anteriores no controla correctamente un atributo, no es de confianza un certificado de una autoridad de certificación, lo que ha... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-20: Improper Input Validation •

CVE-2011-1755 – jabberd: DoS via the XML "billion laughs attack"
https://notcve.org/view.php?id=CVE-2011-1755
17 Jun 2011 — jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. jabberd2 antes de v2.2.14 no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( consumo de memoria y CPU ) a través de un documen... • http://codex.xiaoka.com/svn/jabberd2/tags/jabberd-2.2.14/ChangeLog • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVE-2011-0174
https://notcve.org/view.php?id=CVE-2011-0174
23 Mar 2011 — Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. Desbordamiento de búfer en memoria dinámica en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente OpenType manipulada. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •