Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3463 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 7.2 HIGH· v2 WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
CVE-2011-3462 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoof...Show more Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.Show less
CVE-2011-3460 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
CVE-2011-3459 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buf...Show more Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.Show less
CVE-2011-3458 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted...Show more QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.Show less
CVE-2011-3457 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (me...Show more The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.Show less
CVE-2011-3453 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
CVE-2011-3452 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password f...Show more Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.Show less
CVE-2011-3450 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and applic...Show more CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.Show less
CVE-2011-3449 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
CVE-2011-3448 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
CVE-2011-3447 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
CVE-2011-3446 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...Show more Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.Show less
CVE-2011-3444 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Feb 2, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection...Show more Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.Show less
CVE-2011-3919 5Apple DebianGoogle+2 more 9Chrome Debian LinuxEnterprise Linux Desktop+6 more Apr 29, 2026 Jan 7, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-1516 1Apple 1Mac Os X Apr 29, 2026 Nov 15, 2011 N/A· v4 N/A· v3 7.6 HIGH· v2 The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resource...Show more The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.Show less
CVE-2008-7303 1Apple 1Mac Os X Apr 29, 2026 Nov 15, 2011 N/A· v4 N/A· v3 7.6 HIGH· v2 The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstra...Show more The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.Show less
CVE-2011-3437 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
CVE-2011-3436 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by...Show more Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.Show less
CVE-2011-3435 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 2.1 LOW· v2 Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.

Previous 1...119120121...161 Next