Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.1.5
There are 3,242 matching records.
Displaying matches 2,901 through 2,920.
Vuln ID Summary CVSS Severity
CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3231

The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3228

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3224

The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-3223

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3222

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3221

QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3220

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3218

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-3217

MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3216

The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-3215

The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-3214

IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2011-3213

The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2011-0231

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-0230

Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Published: October 14, 2011; 6:55:08 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-0229

Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.

Published: October 14, 2011; 6:55:07 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0224

CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.

Published: October 14, 2011; 6:55:07 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM