Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2074 |
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. Published: May 10, 2011; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2011-0076 |
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. Published: May 07, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-0610 |
The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: May 03, 2011; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0611 |
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. Published: April 13, 2011; 10:55:01 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0183 |
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." Published: March 22, 2011; 10:00:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0182 |
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. Published: March 22, 2011; 10:00:05 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-0181 |
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0180 |
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-0179 |
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0178 |
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-0177 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0176 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0175 |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0174 |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0173 |
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Published: March 22, 2011; 10:00:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-0609 |
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011. Published: March 15, 2011; 1:55:03 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1417 |
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Published: March 11, 2011; 12:55:03 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-1073 |
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. Published: March 04, 2011; 6:00:01 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2010-4754 |
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. Published: March 02, 2011; 3:00:00 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2011-0606 |
Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589. Published: February 10, 2011; 1:00:59 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |