VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2011-0231Oct 14, 2011
    risk 0.00cvss epss 0.01

    CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

  • CVE-2011-0230Oct 14, 2011
    risk 0.00cvss epss 0.04

    Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2011-0229Oct 14, 2011
    risk 0.00cvss epss 0.02

    Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.

  • CVE-2011-0224Oct 14, 2011
    risk 0.00cvss epss 0.03

    CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.

  • CVE-2011-0185Oct 14, 2011
    risk 0.00cvss epss 0.00

    Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.

  • CVE-2011-2834Sep 19, 2011
    risk 0.00cvss epss 0.02

    Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

  • CVE-2011-3422Sep 12, 2011
    risk 0.00cvss epss 0.01

    The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate,…

  • CVE-2011-2821Aug 29, 2011
    risk 0.00cvss epss 0.02

    Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

  • CVE-2011-2192Jul 7, 2011
    risk 0.00cvss epss 0.03

    The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

  • CVE-2011-2601Jun 30, 2011
    risk 0.00cvss epss 0.02

    The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox…

  • CVE-2011-1132Jun 24, 2011
    risk 0.00cvss epss 0.00

    The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.

  • CVE-2011-0213Jun 24, 2011
    risk 0.00cvss epss 0.03

    Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.

  • CVE-2011-0212Jun 24, 2011
    risk 0.00cvss epss 0.02

    servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with…

  • CVE-2011-0211Jun 24, 2011
    risk 0.00cvss epss 0.03

    Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

  • CVE-2011-0210Jun 24, 2011
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.

  • CVE-2011-0209Jun 24, 2011
    risk 0.00cvss epss 0.03

    Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.

  • CVE-2011-0208Jun 24, 2011
    risk 0.00cvss epss 0.03

    QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

  • CVE-2011-0207Jun 24, 2011
    risk 0.00cvss epss 0.02

    The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.

  • CVE-2011-0206Jun 24, 2011
    risk 0.00cvss epss 0.03

    Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.

  • CVE-2011-0205Jun 24, 2011
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.

Page 72 of 105