Total
799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0200 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 6.8 MEDIUM | N/A |
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. | |||||
CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-03 | 4.3 MEDIUM | N/A |
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | |||||
CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 7.2 HIGH | N/A |
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. | |||||
CVE-2011-3446 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 7.5 HIGH | N/A |
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. | |||||
CVE-2011-3447 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 4.3 MEDIUM | N/A |
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. | |||||
CVE-2011-3450 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 6.8 MEDIUM | N/A |
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL. | |||||
CVE-2011-3449 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | |||||
CVE-2011-3448 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | |||||
CVE-2011-3462 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-02 | 5.0 MEDIUM | N/A |
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. | |||||
CVE-2011-3215 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 2.1 LOW | N/A |
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. | |||||
CVE-2011-3227 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 6.8 MEDIUM | N/A |
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. | |||||
CVE-2011-3226 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 6.8 MEDIUM | N/A |
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | |||||
CVE-2011-3228 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 6.8 MEDIUM | N/A |
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||||
CVE-2011-3213 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 7.6 HIGH | N/A |
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. | |||||
CVE-2011-3214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 4.6 MEDIUM | N/A |
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. | |||||
CVE-2011-3225 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 5.0 MEDIUM | N/A |
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | |||||
CVE-2011-3216 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 2.1 LOW | N/A |
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. | |||||
CVE-2011-3224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 2.6 LOW | N/A |
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | |||||
CVE-2011-3217 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 6.8 MEDIUM | N/A |
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. | |||||
CVE-2011-3218 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-13 | 2.6 LOW | N/A |
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |