ID CVSS
Summary
Last (major) update Published
CVE-2011-0173 6.8
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2011-0178 2.1
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this di
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2011-0181 6.8
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.
27-06-2011 - 04:00 23-03-2011 - 02:00
CVE-2011-3242 5.0
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-3231 6.8
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-3230 6.8
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-1417 6.8
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicatio
30-03-2012 - 04:00 11-03-2011 - 17:55
CVE-2012-3722 6.8
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2011-0174 6.8
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2010-0500 7.8
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2012-0675 4.3
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
30-05-2012 - 03:42 11-05-2012 - 03:49
CVE-2011-0179 6.8
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2006-1984 5.0
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that trig
20-07-2017 - 01:31 21-04-2006 - 22:02
CVE-2010-0057 7.5
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
31-03-2010 - 04:00 30-03-2010 - 17:30
CVE-2012-0659 6.8
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
30-05-2012 - 03:42 11-05-2012 - 03:49
CVE-2011-0180 2.1
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2012-0657 2.1
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
30-05-2012 - 03:42 11-05-2012 - 03:49
CVE-2010-0497 6.8
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
31-03-2010 - 15:30 30-03-2010 - 18:30
CVE-2012-0662 7.5
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
30-05-2012 - 03:42 11-05-2012 - 03:49
CVE-2011-0229 6.8
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2009-1236 10.0
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwri
29-09-2017 - 01:34 02-04-2009 - 17:30
CVE-2011-0231 5.0
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0177 6.8
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2011-0183 5.0
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2010-0065 6.8
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2010-0508 10.0
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2012-0650 7.5
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
21-09-2012 - 04:00 20-09-2012 - 21:55
CVE-2012-0660 6.8
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
30-05-2012 - 03:42 11-05-2012 - 03:49
CVE-2011-0176 6.8
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.
24-03-2011 - 04:00 23-03-2011 - 02:00
CVE-2009-1235 7.2
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk imag
29-09-2017 - 01:34 02-04-2009 - 17:30
CVE-2011-0182 7.2
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.
14-02-2012 - 04:03 23-03-2011 - 02:00
CVE-2010-0063 6.8
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2009-1237 4.9
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
29-09-2017 - 01:34 02-04-2009 - 17:30
CVE-2010-0505 6.8
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGIm
10-10-2018 - 19:52 30-03-2010 - 18:30
CVE-2012-0655 6.4
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-snif
05-12-2017 - 02:29 11-05-2012 - 03:49
CVE-2009-1238 7.2
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS co
29-09-2017 - 01:34 02-04-2009 - 17:30
CVE-2010-0525 5.0
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive i
21-06-2010 - 04:00 30-03-2010 - 18:30
CVE-2005-2752 2.1
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
08-03-2011 - 02:24 01-11-2005 - 12:47
CVE-2012-0649 6.9
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
05-12-2017 - 02:29 11-05-2012 - 03:49
CVE-2011-0185 4.4
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2010-0507 6.8
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2010-0533 7.5
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
10-09-2013 - 17:18 30-03-2010 - 17:30
CVE-2004-0430 5.1
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that inc
11-07-2017 - 01:30 07-07-2004 - 04:00
CVE-2010-0509 7.2
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2011-0224 6.8
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2012-0658 6.8
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
30-05-2012 - 03:42 11-05-2012 - 03:49
CVE-2010-0513 6.8
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. Per: http://support.apple.com/kb/HT4077
09-04-2010 - 05:42 30-03-2010 - 18:30
CVE-2011-0175 6.8
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
24-03-2011 - 18:35 23-03-2011 - 02:00
CVE-2010-0498 7.2
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
31-03-2010 - 15:37 30-03-2010 - 18:30
CVE-2012-0654 6.8
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ce
05-12-2017 - 02:29 11-05-2012 - 03:49
CVE-2011-0230 7.5
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2009-2835 4.6
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2013-0984 9.3
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
05-06-2013 - 16:11 05-06-2013 - 14:39
CVE-2009-2834 4.9
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
17-11-2009 - 05:00 10-11-2009 - 19:30
CVE-2009-2820 4.3
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTT
19-09-2017 - 01:29 10-11-2009 - 19:30
CVE-2008-2310 6.8
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
08-08-2017 - 01:30 01-07-2008 - 18:41
CVE-2009-2825 4.3
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL ser
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2006-3356 2.6
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE:
20-07-2017 - 01:32 06-07-2006 - 20:05
CVE-2008-1573 7.1
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
08-08-2017 - 01:30 02-06-2008 - 21:30
CVE-2009-2808 5.4
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spo
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2823 4.3
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
24-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2011-3222 6.8
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3446 7.5
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accesse
03-02-2012 - 05:00 02-02-2012 - 18:55
CVE-2011-3459 6.8
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
18-05-2012 - 03:43 02-02-2012 - 18:55
CVE-2008-4218 7.2
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2008-4222 7.1
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2012-3719 6.8
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2011-3216 2.1
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3220 4.3
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3224 2.6
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3228 6.8
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3215 2.1
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1)
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3221 6.8
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3223 6.8
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2008-4221 10.0
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory al
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2008-4234 9.3
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application asso
08-08-2017 - 01:32 17-12-2008 - 01:30
CVE-2011-3213 7.6
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communic
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3218 2.6
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing th
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2008-4217 9.3
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2008-4219 4.9
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in th
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2011-3214 4.6
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3453 7.5
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
06-01-2018 - 02:29 02-02-2012 - 18:55
CVE-2008-4236 7.1
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2012-3718 2.1
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
06-06-2013 - 04:00 20-09-2012 - 21:55
CVE-2011-3217 6.8
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3227 6.8
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (app
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3449 6.8
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
03-02-2012 - 05:00 02-02-2012 - 18:55
CVE-2011-3462 5.0
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a dif
03-02-2012 - 05:00 02-02-2012 - 18:55
CVE-2012-3723 4.6
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a
29-08-2017 - 01:32 20-09-2012 - 21:55
CVE-2011-3448 6.8
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
03-02-2012 - 05:00 02-02-2012 - 18:55
CVE-2008-4237 10.0
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2011-3444 4.3
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network
06-02-2012 - 05:00 02-02-2012 - 18:55
CVE-2011-3460 7.5
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
18-05-2012 - 03:43 02-02-2012 - 18:55
CVE-2008-4220 10.0
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related t
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2011-3457 7.5
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicatio
22-09-2012 - 03:25 02-02-2012 - 18:55
CVE-2011-3422 4.3
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Ext
29-08-2017 - 01:30 12-09-2011 - 12:40
CVE-2011-3458 6.8
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
18-05-2012 - 03:43 02-02-2012 - 18:55
CVE-2008-4224 7.1
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2011-3452 4.3
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
03-02-2012 - 16:16 02-02-2012 - 18:55
CVE-2010-0521 5.0
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
21-06-2010 - 04:00 30-03-2010 - 18:30
CVE-2010-0502 4.3
iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type. Per: http://s
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2010-0510 9.0
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. Per: http://support.apple.com/kb/HT4077 'This issue
31-03-2010 - 18:08 30-03-2010 - 18:30
CVE-2010-0501 6.8
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. Per: http://support.apple.com/kb/HT4077 'This issue only affects Mac OS X Serve
31-03-2010 - 04:00 30-03-2010 - 18:30
CVE-2010-0504 7.5
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Per: http://support.apple.com/kb/H
31-03-2010 - 17:14 30-03-2010 - 18:30
CVE-2010-0503 6.5
Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Per: http://support.apple.com/kb/HT4077
31-03-2010 - 17:07 30-03-2010 - 18:30
CVE-2009-2818 5.0
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). Per: http://suppor
17-11-2009 - 07:02 10-11-2009 - 19:30
CVE-2009-2832 5.1
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related t
17-11-2009 - 07:03 10-11-2009 - 19:30
CVE-2008-4223 10.0
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
08-03-2011 - 03:12 17-12-2008 - 01:30
CVE-2016-1777 5.0
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
20-12-2016 - 02:59 24-03-2016 - 01:59
CVE-2015-5911 10.0
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.
22-12-2016 - 03:00 18-09-2015 - 12:00
CVE-2016-1776 5.0
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.
20-12-2016 - 02:59 24-03-2016 - 01:59
CVE-2016-1774 5.0
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by rea
20-12-2016 - 02:59 24-03-2016 - 01:59
CVE-2016-1787 5.0
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
20-12-2016 - 02:59 24-03-2016 - 01:59
CVE-2015-7031 5.0
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
24-12-2016 - 02:59 23-10-2015 - 10:59