U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
There are 1,963 matching records.
Displaying matches 1,761 through 1,780.
Vuln ID Summary CVSS Severity
CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0983

Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 1.7 LOW
CVE-2013-0975

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0986

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.

Published: May 24, 2013; 12:43:58 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Published: April 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Published: April 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Published: April 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-0976

IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.

Published: March 15, 2013; 4:55:11 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Published: March 05, 2013; 4:38:56 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

Published: September 20, 2012; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

Published: September 20, 2012; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-3721

Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.

Published: September 20, 2012; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-3720

Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account.

Published: September 20, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-3719

Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

Published: September 20, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

Published: September 20, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-0650

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Published: September 20, 2012; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Published: July 03, 2012; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

Published: May 10, 2012; 11:49:59 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH