Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-0231 | 0.00 | — | 0.01 | Oct 14, 2011 | CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | |||
| CVE-2011-0230 | 0.00 | — | 0.04 | Oct 14, 2011 | Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2011-0229 | 0.00 | — | 0.02 | Oct 14, 2011 | Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. | |||
| CVE-2011-0224 | 0.00 | — | 0.03 | Oct 14, 2011 | CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | |||
| CVE-2011-0185 | 0.00 | — | 0.00 | Oct 14, 2011 | Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | |||
| CVE-2011-2834 | 0.00 | — | 0.02 | Sep 19, 2011 | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||
| CVE-2011-3422 | 0.00 | — | 0.01 | Sep 12, 2011 | The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate,… | |||
| CVE-2011-2821 | 0.00 | — | 0.02 | Aug 29, 2011 | Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | |||
| CVE-2011-2192 | 0.00 | — | 0.03 | Jul 7, 2011 | The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | |||
| CVE-2011-2601 | 0.00 | — | 0.02 | Jun 30, 2011 | The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox… | |||
| CVE-2011-1132 | 0.00 | — | 0.00 | Jun 24, 2011 | The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options. | |||
| CVE-2011-0213 | 0.00 | — | 0.03 | Jun 24, 2011 | Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. | |||
| CVE-2011-0212 | 0.00 | — | 0.02 | Jun 24, 2011 | servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with… | |||
| CVE-2011-0211 | 0.00 | — | 0.03 | Jun 24, 2011 | Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||
| CVE-2011-0210 | 0.00 | — | 0.03 | Jun 24, 2011 | QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. | |||
| CVE-2011-0209 | 0.00 | — | 0.03 | Jun 24, 2011 | Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. | |||
| CVE-2011-0208 | 0.00 | — | 0.03 | Jun 24, 2011 | QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. | |||
| CVE-2011-0207 | 0.00 | — | 0.02 | Jun 24, 2011 | The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. | |||
| CVE-2011-0206 | 0.00 | — | 0.03 | Jun 24, 2011 | Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. | |||
| CVE-2011-0205 | 0.00 | — | 0.04 | Jun 24, 2011 | Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. |
- CVE-2011-0231Oct 14, 2011risk 0.00cvss —epss 0.01
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
- CVE-2011-0230Oct 14, 2011risk 0.00cvss —epss 0.04
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2011-0229Oct 14, 2011risk 0.00cvss —epss 0.02
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
- CVE-2011-0224Oct 14, 2011risk 0.00cvss —epss 0.03
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
- CVE-2011-0185Oct 14, 2011risk 0.00cvss —epss 0.00
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
- CVE-2011-2834Sep 19, 2011risk 0.00cvss —epss 0.02
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
- CVE-2011-3422Sep 12, 2011risk 0.00cvss —epss 0.01
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate,…
- CVE-2011-2821Aug 29, 2011risk 0.00cvss —epss 0.02
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
- CVE-2011-2192Jul 7, 2011risk 0.00cvss —epss 0.03
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
- CVE-2011-2601Jun 30, 2011risk 0.00cvss —epss 0.02
The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox…
- CVE-2011-1132Jun 24, 2011risk 0.00cvss —epss 0.00
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.
- CVE-2011-0213Jun 24, 2011risk 0.00cvss —epss 0.03
Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.
- CVE-2011-0212Jun 24, 2011risk 0.00cvss —epss 0.02
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with…
- CVE-2011-0211Jun 24, 2011risk 0.00cvss —epss 0.03
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
- CVE-2011-0210Jun 24, 2011risk 0.00cvss —epss 0.03
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.
- CVE-2011-0209Jun 24, 2011risk 0.00cvss —epss 0.03
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
- CVE-2011-0208Jun 24, 2011risk 0.00cvss —epss 0.03
QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
- CVE-2011-0207Jun 24, 2011risk 0.00cvss —epss 0.02
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.
- CVE-2011-0206Jun 24, 2011risk 0.00cvss —epss 0.03
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.
- CVE-2011-0205Jun 24, 2011risk 0.00cvss —epss 0.04
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.
Page 72 of 105