| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3723 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-09-20 |
2013-03-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. |
|
2 |
CVE-2012-3722 |
399 |
|
DoS Exec Code |
2012-09-20 |
2013-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
|
3 |
CVE-2012-3721 |
287 |
|
|
2012-09-20 |
2013-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. |
|
4 |
CVE-2012-3720 |
255 |
|
|
2012-09-20 |
2012-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. |
|
5 |
CVE-2012-3719 |
20 |
|
Exec Code |
2012-09-20 |
2013-03-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. |
|
6 |
CVE-2012-3718 |
200 |
|
+Info |
2012-09-20 |
2013-03-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
|
7 |
CVE-2012-0675 |
287 |
|
|
2012-05-10 |
2012-05-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. |
|
8 |
CVE-2012-0662 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-10 |
2012-05-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. |
|
9 |
CVE-2012-0660 |
119 |
|
DoS Exec Code Overflow |
2012-05-10 |
2012-05-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
|
10 |
CVE-2012-0659 |
189 |
|
DoS Exec Code Overflow |
2012-05-10 |
2012-05-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
|
11 |
CVE-2012-0658 |
119 |
|
DoS Exec Code Overflow |
2012-05-10 |
2012-05-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. |
|
12 |
CVE-2012-0657 |
264 |
|
Bypass |
2012-05-10 |
2012-05-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
|
13 |
CVE-2012-0655 |
310 |
|
|
2012-05-10 |
2012-05-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. |
|
14 |
CVE-2012-0654 |
119 |
|
DoS Exec Code Overflow |
2012-05-10 |
2012-05-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. |
|
15 |
CVE-2012-0649 |
362 |
|
+Priv |
2012-05-10 |
2012-06-20 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. |
|
16 |
CVE-2011-3228 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
|
17 |
CVE-2011-3227 |
20 |
|
DoS Exec Code |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. |
|
18 |
CVE-2011-3224 |
|
|
Exec Code |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. |
|
19 |
CVE-2011-3223 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. |
|
20 |
CVE-2011-3222 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. |
|
21 |
CVE-2011-3221 |
94 |
|
DoS Exec Code |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. |
|
22 |
CVE-2011-3220 |
200 |
|
+Info |
2011-10-14 |
2012-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. |
|
23 |
CVE-2011-3218 |
79 |
|
XSS |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |
|
24 |
CVE-2011-3217 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. |
|
25 |
CVE-2011-3216 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. |
|
26 |
CVE-2011-3215 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. |
|
27 |
CVE-2011-3214 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. |
|
28 |
CVE-2011-3213 |
264 |
|
|
2011-10-14 |
2012-01-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. |
|
29 |
CVE-2011-0231 |
200 |
|
+Info |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." |
|
30 |
CVE-2011-0230 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
|
31 |
CVE-2011-0229 |
119 |
|
Exec Code Overflow |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. |
|
32 |
CVE-2011-0224 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. |
|
33 |
CVE-2010-1119 |
399 |
|
DoS Exec Code |
2010-03-25 |
2012-03-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. |
|
34 |
CVE-2010-0533 |
22 |
|
Dir. Trav. |
2010-03-30 |
2010-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. |
|
35 |
CVE-2010-0513 |
119 |
|
DoS Exec Code Overflow |
2010-03-30 |
2010-04-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. |
|
36 |
CVE-2010-0509 |
264 |
|
+Priv |
2010-03-30 |
2010-03-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. |
|
37 |
CVE-2010-0508 |
|
|
|
2010-03-30 |
2010-03-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. |
|
38 |
CVE-2010-0507 |
119 |
|
DoS Exec Code Overflow |
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. |
|
39 |
CVE-2010-0505 |
119 |
|
DoS Exec Code Overflow |
2010-03-30 |
2011-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function. |
|
40 |
CVE-2010-0500 |
20 |
|
DoS |
2010-03-30 |
2010-03-31 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." |
|
41 |
CVE-2010-0498 |
287 |
|
+Priv |
2010-03-30 |
2010-03-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. |
|
42 |
CVE-2010-0497 |
|
|
Exec Code |
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. |
|
43 |
CVE-2010-0065 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. |
|
44 |
CVE-2010-0063 |
|
|
|
2010-03-30 |
2010-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. |
|
45 |
CVE-2010-0057 |
264 |
|
Bypass |
2010-03-30 |
2010-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. |
|
46 |
CVE-2009-2835 |
20 |
|
DoS +Priv +Info |
2009-11-10 |
2009-11-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. |
|
47 |
CVE-2009-2834 |
264 |
|
|
2009-11-10 |
2009-11-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. |
|
48 |
CVE-2009-2825 |
310 |
|
|
2009-11-10 |
2009-11-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
|
49 |
CVE-2009-2823 |
79 |
|
XSS |
2009-11-10 |
2009-11-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. |
|
50 |
CVE-2009-2820 |
79 |
|
XSS Http R.Spl. |
2009-11-10 |
2010-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. |
