Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-3716 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Sep 20, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
CVE-2012-0650 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Sep 20, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vector...Show more Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.Show less
CVE-2012-1148 2Apple Libexpat Project 2Libexpat Mac Os X Apr 29, 2026 Jul 3, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause i...Show more Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.Show less
CVE-2012-1147 2Apple Libexpat Project 2Libexpat Mac Os X Apr 29, 2026 Jul 3, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
CVE-2012-1823 8Apple DebianFedoraproject+5 more 17Application Stack Debian LinuxEnterprise Linux Desktop+14 more Apr 21, 2026 May 11, 2012 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers...Show more sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.Show less
CVE-2012-0675 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by sp...Show more Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.Show less
CVE-2012-0662 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
CVE-2012-0661 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 e...Show more Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.Show less
CVE-2012-0660 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
CVE-2012-0659 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
CVE-2012-0658 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is prog...Show more Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.Show less
CVE-2012-0657 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 2.1 LOW· v2 Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
CVE-2012-0656 1Apple 1Mac Os X Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no passw...Show more Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.Show less
CVE-2012-0655 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.4 MEDIUM· v2 libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conduct...Show more libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.Show less
CVE-2012-0654 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (appli...Show more libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.Show less
CVE-2012-0652 1Apple 1Mac Os X Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain...Show more Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.Show less
CVE-2012-0651 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
CVE-2012-0649 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 May 11, 2012 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
CVE-2011-3058 2Apple Google 3Chrome Iphone OsMac Os X Apr 29, 2026 Mar 30, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2011-3026 4Apple GoogleOpensuse+1 more 7Chrome Iphone OsLinux Enterprise Server+4 more Apr 29, 2026 Feb 16, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncati...Show more Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.Show less

Previous 1...118119120...161 Next