VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2011-0204 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.04

    Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.

  • CVE-2011-0203 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.02

    Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.

  • CVE-2011-0202 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.02

    Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.

  • CVE-2011-0201 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.03

    Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.

  • CVE-2011-0200 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.04

    Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.

  • CVE-2011-0198 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.04

    Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.

  • CVE-2011-0197 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.00

    App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.

  • CVE-2011-0196 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.02

    AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.

  • CVE-2009-5044 | Jun 24, 2011
    risk 0.00 | cvss | epss 0.00

    contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

  • CVE-2011-0194 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.03

    Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

  • CVE-2011-0193 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.03

    Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

  • CVE-2011-0190 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.01

    Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.

  • CVE-2011-0189 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.01

    The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.

  • CVE-2011-0187 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.02

    The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.

  • CVE-2011-0186 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.03

    QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.

  • CVE-2011-0184 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.03

    QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.

  • CVE-2011-0183 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.02

    Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."

  • CVE-2011-0181 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.03

    Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.

  • CVE-2011-0179 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.02

    CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.

  • CVE-2011-0178 | Mar 23, 2011
    risk 0.00 | cvss | epss 0.00

    The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
