CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3462
https://notcve.org/view.php?id=CVE-2011-3462
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. La aplicación Time Machine en Apple Mac OS X antes de v10.7.3 no comprueba remotamente el identificador único del volumen AFP o de la Capsula de Tiempo (Time Capsule), lo que permite a atacantes remotos obtener información sensible contenida en nuevas copias de seguridad por suplantación de este objeto de almacenamiento. Se trata de una vulnerabilidad diferente a la CVE-2010-1803. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5130 •
CVSS: 7.5EPSS: 6%CPEs: 24EXPL: 0CVE-2011-3460 – Apple Quicktime PNG Depth Decoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3460
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. Desbordamiento de búfer en QuickTime en Apple Mac OS X antes de v10.7.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de la aplicación) a través de un archivo PNG manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00005.html http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5261 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 136EXPL: 0CVE-2011-3228
https://notcve.org/view.php?id=CVE-2011-3228
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. QuickTime en Apple Mac OS X anterior a v10.7.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo de película especialmente diseñado • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76372 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5016 http://www.securityfocus.com/bid/50085 http://www.securityfocus.com/bid/50127 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.6EPSS: 0%CPEs: 132EXPL: 0CVE-2011-3224 – Mac App Store Man-In-The-Middle / Remote Command Execution
https://notcve.org/view.php?id=CVE-2011-3224
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. El componente User Documentation en Apple Mac OS X hasta v10.6.8 usa sesiones http para las actualizaciones a información de ayuda de la APP Store, permitiendo a atacantes de "hombre en medio" ejecutar código arbitrario mediante la suplantación de un servidor http. Mac App Store suffers from a man-in-the-middle vulnerability that allows for remote command execution. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76375 http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 •
CVSS: 7.6EPSS: 0%CPEs: 136EXPL: 0CVE-2011-3213
https://notcve.org/view.php?id=CVE-2011-3213
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. El componente File Systems en Apple Mac OS X anterior a v10.7.2 no lleva correctamente el certificado específico X.509 que un usuario manualmente ha aceptado para una conexión inicial https WebDAV, lo que permite un ataque man-in-the-middle para secuestrar la comunicación WebDAV prsentando un certificado de su elección para una conexión subsiguiente. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://support.apple.com/kb/HT5002 http://www.securityfocus.com/bid/50085 • CWE-264: Permissions, Privileges, and Access Controls •