Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-0201 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 24, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that tr...Show more Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.Show less
CVE-2011-0200 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 24, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profil...Show more Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.Show less
CVE-2011-0199 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 24, 2011 N/A· v4 5.9 MEDIUM· v3 5.8 MEDIUM· v2 The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof a...Show more The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.Show less
CVE-2011-0198 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 24, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
CVE-2011-0197 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 24, 2011 N/A· v4 N/A· v3 2.1 LOW· v2 App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that...Show more App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.Show less
CVE-2011-0196 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 24, 2011 N/A· v4 N/A· v3 7.8 HIGH· v2 AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.
CVE-2009-5044 2Apple Gnu 2Groff Mac Os X Apr 29, 2026 Jun 24, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVE-2011-1755 3Apple FedoraprojectJabberd2 4Fedora Jabberd2Mac Os X+1 more Apr 29, 2026 Jun 21, 2011 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large num...Show more jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.Show less
CVE-2011-1783 5Apache AppleCanonical+2 more 5Debian Linux FedoraMac Os X+2 more Apr 29, 2026 Jun 6, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of se...Show more The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.Show less
CVE-2011-1752 5Apache AppleCanonical+2 more 5Debian Linux FedoraMac Os X+2 more Apr 29, 2026 Jun 6, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a b...Show more The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.Show less
CVE-2011-0419 9Apache AppleDebian+6 more 10Android Debian LinuxFreebsd+7 more Apr 29, 2026 May 16, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, O...Show more Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.Show less
CVE-2011-0194 1Apple 3Imageio Mac Os XMac Os X Server Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
CVE-2011-0193 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
CVE-2011-0190 1Apple 3Installer Mac Os XMac Os X Server Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended...Show more Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.Show less
CVE-2011-0189 1Apple 3Mac Os X Mac Os X ServerTerminal Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH serv...Show more The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.Show less
CVE-2011-0187 1Apple 2Mac Os X Quicktime Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
CVE-2011-0186 1Apple 2Mac Os X Quicktime Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.
CVE-2011-0184 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that...Show more QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.Show less
CVE-2011-0183 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via...Show more Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."Show less
CVE-2011-0182 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 23, 2011 N/A· v4 N/A· v3 7.2 HIGH· v2 The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

Previous 1...122123124...161 Next