Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0176 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. | |||||
CVE-2011-0177 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. | |||||
CVE-2011-0178 | 1 Apple | 3 Carboncore, Mac Os X, Mac Os X Server | 2011-03-23 | 2.1 LOW | N/A |
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. | |||||
CVE-2011-0179 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. | |||||
CVE-2011-0180 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 2.1 LOW | N/A |
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. | |||||
CVE-2011-0183 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 5.0 MEDIUM | N/A |
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." | |||||
CVE-2011-0189 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2011-03-22 | 5.0 MEDIUM | N/A |
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. | |||||
CVE-2011-0190 | 1 Apple | 3 Installer, Mac Os X, Mac Os X Server | 2011-03-22 | 4.3 MEDIUM | N/A |
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. | |||||
CVE-2011-0193 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-22 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | |||||
CVE-2011-0194 | 1 Apple | 3 Imageio, Mac Os X, Mac Os X Server | 2011-03-22 | 6.8 MEDIUM | N/A |
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. | |||||
CVE-2010-2264 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-03-17 | 4.3 MEDIUM | N/A |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | |||||
CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2011-03-14 | 9.3 HIGH | N/A |
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | |||||
CVE-2009-0020 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.8 HIGH | N/A |
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. | |||||
CVE-2009-0018 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.8 HIGH | N/A |
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory. | |||||
CVE-2009-0014 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 2.1 LOW | N/A |
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. | |||||
CVE-2009-0015 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." | |||||
CVE-2009-0017 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. | |||||
CVE-2009-0019 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.5 HIGH | N/A |
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. | |||||
CVE-2009-0138 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 10.0 HIGH | N/A |
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. | |||||
CVE-2009-0140 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 9.3 HIGH | N/A |
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name. |