Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.0.0
There are 3,145 matching records.
Displaying matches 2,841 through 2,860.
Vuln ID Summary CVSS Severity
CVE-2011-3446

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0450

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.

Published: February 01, 2012; 11:55:01 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-3919

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: January 07, 2012; 6:55:13 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3666

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.

Published: December 20, 2011; 11:02:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.

Published: December 20, 2011; 11:02:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-4369

Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Published: December 16, 2011; 2:55:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-4694

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Published: December 07, 2011; 3:55:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-4693

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Published: December 07, 2011; 3:55:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2462

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Published: December 07, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

Published: November 09, 2011; 6:55:03 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3231

The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3228

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3224

The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-3223

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3222

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3221

QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM