CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2011-0181
https://notcve.org/view.php?id=CVE-2011-0181
23 Mar 2011 — Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. Desbordamiento de enteros en ImageIO en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (solicitud de bloqueo) a través de una imagen XBM manipulada. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2011-0182 – Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)
https://notcve.org/view.php?id=CVE-2011-0182
23 Mar 2011 — The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. La llamada al sistema i386_set_ldt en el núcleo en Apple Mac OS X antes de v10.6.7 no controla correctamente las puertas de llamadas "call gates", que permite a usuarios locales conseguir privilegios a través de vectores que implican la creación de una puerta de entrada de llamadas. • https://www.exploit-db.com/exploits/17901 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0183
https://notcve.org/view.php?id=CVE-2011-0183
23 Mar 2011 — Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." Libinfo en Apple Mac OS X antes de v10.6.7 no controla correctamente un campo entero sin especificar en un paquete NFS RPC, que permite a atacantes remotos provocar una denegación de servicio (lockd, statd, mountd, o corte de portm... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2011-0176 – Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0176
22 Mar 2011 — Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. Múltiples desbordamientos de búfer en Apple Type Services (ATS) en Apple Mac OS X antes de v10.6.7 permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene embebida una fuente de tipo 1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable insta... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.7EPSS: 4%CPEs: 44EXPL: 0CVE-2011-1417 – Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1417
11 Mar 2011 — Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Un desbordamiento de e... • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 27%CPEs: 26EXPL: 0CVE-2010-2941 – cups: cupsd memory corruption vulnerability
https://notcve.org/view.php?id=CVE-2010-2941
05 Nov 2010 — ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. ipp.c en cupsd en CUPS v1.4.4 y anteriores no asigna correctamente memoria para valores de atributo con tipos de datos de cadena inválidos, permitiendo a atacantes remotos provocar una denegación de servicio (uso después de ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1637 – SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports
https://notcve.org/view.php?id=CVE-2010-1637
22 Jun 2010 — The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. El plugin Mail Fetch en SquirrelMail 1.4.20 y versiones anteriores, permite a atacantes remotos autenticados eludir las restricciones del firewall y usar SquirrelMail como un proxy para escanear redes internas mediante un número de puerto POP3 modificado. • http://conference.hitb.org/hitbsecconf2010dxb/materials/D1%20-%20Laurent%20Oudot%20-%20Improving%20the%20Stealthiness%20of%20Web%20Hacking.pdf#page=69 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0063
https://notcve.org/view.php?id=CVE-2010-0063
30 Mar 2010 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X anterior v10.6.3 hace que sea fácil para atacantes asistidos por us... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •
CVSS: 7.8EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0065
https://notcve.org/view.php?id=CVE-2010-0065
30 Mar 2010 — Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. Disk Images de Apple Mac OS X anterior a v10.6.3 permite a atacantes remotos asistidos por el usuario ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) mediante una imagen de disco manipulada con compresión bzip2. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0497 – Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0497
30 Mar 2010 — Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. Disk Images en Apple Mac OS X anteriores a v10.6.3 no proporciona la advertencia esperada de tipo de fichero inseguro en una imagen de disco habilitada para internet, lo cual facilita a atacantes remotos asistidos por usuarios ejecutar código a su elección a trav... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •