Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.0:*:*:*:*:*:*:*
There are 1,904 matching records.
Displaying matches 1,761 through 1,780.
Vuln ID Summary CVSS Severity
CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0658

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.

Published: May 10, 2012; 11:49:58 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-0654

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

Published: May 10, 2012; 11:49:58 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0649

Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

Published: May 10, 2012; 11:49:58 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: March 30, 2012; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3462

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3460

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3459

Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3458

QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3457

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3453

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3452

Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3449

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3448

Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-3446

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.

Published: February 02, 2012; 1:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3919

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: January 07, 2012; 6:55:13 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-3242

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

Published: October 14, 2011; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM