| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-0895 | 22 | | Dir. Trav. | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. |
| 2 | CVE-2013-0894 | 119 | | DoS Overflow | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. |
| 3 | CVE-2013-0890 | 119 | | DoS Overflow Mem. Corr. | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. |
| 4 | CVE-2013-0886 | | | | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. |
| 5 | CVE-2013-0884 | | | | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. |
| 6 | CVE-2013-0880 | 399 | | DoS | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. |
| 7 | CVE-2012-3716 | 119 | | DoS Exec Code Overflow | 2012-09-20 | 2013-03-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. |
| 8 | CVE-2012-0662 | 189 | | DoS Exec Code Overflow Mem. Corr. | 2012-05-10 | 2012-05-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. |
| 9 | CVE-2012-0650 | 119 | | DoS Exec Code Overflow | 2012-09-20 | 2012-09-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| 10 | CVE-2011-3463 | 287 | | +Priv | 2012-02-02 | 2012-02-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. |
| 11 | CVE-2011-3460 | 119 | | DoS Exec Code Overflow | 2012-02-02 | 2012-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. |
| 12 | CVE-2011-3457 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2012-02-02 | 2012-09-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program. |
| 13 | CVE-2011-3453 | 189 | | DoS Exec Code Overflow Mem. Corr. | 2012-02-02 | 2012-03-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data. |
| 14 | CVE-2011-3446 | | | DoS Exec Code | 2012-02-02 | 2012-02-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. |
| 15 | CVE-2011-3213 | 264 | | | 2011-10-14 | 2012-01-13 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. |
| 16 | CVE-2011-2601 | 264 | | DoS | 2011-06-30 | 2011-07-12 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. |
| 17 | CVE-2011-1516 | 264 | | | 2011-11-15 | 2012-02-16 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. |
| 18 | CVE-2011-0230 | 119 | | DoS Exec Code Overflow | 2011-10-14 | 2012-01-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| 19 | CVE-2011-0206 | 119 | | DoS Exec Code Overflow | 2011-06-24 | 2011-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. |
| 20 | CVE-2011-0201 | 189 | | DoS Exec Code Overflow | 2011-06-24 | 2011-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow. |
| 21 | CVE-2011-0196 | 399 | | DoS | 2011-06-24 | 2011-06-27 | 7.8 | None | Remote | Low | Not required | None | None | Complete | AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network. |
| 22 | CVE-2011-0182 | 20 | | +Priv | 2011-03-22 | 2012-02-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. |
| 23 | CVE-2010-1844 | 20 | | DoS | 2010-11-16 | 2011-01-12 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. |
| 24 | CVE-2010-1843 | 20 | | DoS | 2010-11-16 | 2010-12-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. |
| 25 | CVE-2010-1840 | 119 | | DoS Exec Code Overflow | 2010-11-15 | 2010-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| 26 | CVE-2010-1380 | 189 | | DoS Exec Code Overflow | 2010-06-17 | 2010-06-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. |
| 27 | CVE-2010-1378 | 310 | | Bypass | 2010-11-15 | 2010-11-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. |
| 28 | CVE-2010-1375 | 287 | | +Priv | 2010-06-17 | 2010-06-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. |
| 29 | CVE-2010-0533 | 22 | | Dir. Trav. | 2010-03-30 | 2010-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. |
| 30 | CVE-2010-0524 | 264 | | | 2010-03-30 | 2010-05-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. |
| 31 | CVE-2010-0509 | 264 | | +Priv | 2010-03-30 | 2010-03-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. |
| 32 | CVE-2010-0500 | 20 | | DoS | 2010-03-30 | 2010-03-31 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." |
| 33 | CVE-2010-0498 | 287 | | +Priv | 2010-03-30 | 2010-03-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. |
| 34 | CVE-2010-0057 | 264 | | Bypass | 2010-03-30 | 2010-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. |
| 35 | CVE-2009-2833 | 119 | | DoS Exec Code Overflow | 2009-11-10 | 2009-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| 36 | CVE-2009-2828 | 399 | | DoS Exec Code Mem. Corr. | 2009-11-10 | 2009-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. |
| 37 | CVE-2009-2807 | 119 | | Overflow +Priv | 2009-09-14 | 2012-10-22 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. |
| 38 | CVE-2009-2192 | 255 | | | 2009-08-06 | 2009-08-19 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." |
| 39 | CVE-2009-2191 | 134 | | DoS Exec Code | 2009-08-06 | 2009-08-19 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. |
| 40 | CVE-2009-2190 | 399 | | DoS | 2009-08-06 | 2009-08-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. |
| 41 | CVE-2009-1238 | 362 | 1 | DoS Mem. Corr. | 2009-04-02 | 2009-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. |
| 42 | CVE-2009-1235 | 264 | 1 | +Priv | 2009-04-02 | 2009-08-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. |
| 43 | CVE-2009-0151 | | | Bypass | 2009-08-06 | 2009-08-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. |
| 44 | CVE-2009-0020 | 399 | | DoS Exec Code Mem. Corr. | 2009-02-12 | 2009-08-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. |
| 45 | CVE-2009-0019 | 119 | | DoS Overflow +Info | 2009-02-12 | 2009-08-19 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. |
| 46 | CVE-2009-0018 | 119 | | Overflow | 2009-02-12 | 2009-08-19 | 7.8 | None | Remote | Low | Not required | Complete | None | None | The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory. |
| 47 | CVE-2009-0017 | 119 | | Exec Code Overflow | 2009-02-12 | 2009-08-19 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. |
| 48 | CVE-2009-0011 | 264 | | | 2009-02-12 | 2009-08-19 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. |
| 49 | CVE-2008-7303 | 264 | | | 2011-11-15 | 2011-11-21 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. |
| 50 | CVE-2008-4236 | 399 | | DoS | 2008-12-16 | 2009-02-06 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. |