U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
There are 1,971 matching records.
Displaying matches 1,861 through 1,880.
Vuln ID Summary CVSS Severity
CVE-2011-0179

CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0178

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-0177

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0176

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0175

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0174

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-0173

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

Published: March 22, 2011; 10:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-1417

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.

Published: March 11, 2011; 12:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-4754

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Published: March 02, 2011; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Published: December 07, 2010; 4:00:09 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Published: November 05, 2010; 1:00:01 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 9.3 HIGH
CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

Published: August 19, 2010; 2:00:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 2:00:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.

Published: August 19, 2010; 2:00:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 2:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2520

Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 2:00:04 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2010-2519

Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.

Published: August 19, 2010; 2:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2500

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 2:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2499

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.

Published: August 19, 2010; 2:00:04 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM