| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-3422 |
20 |
|
|
2011-09-12 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. |
|
2 |
CVE-2011-3228 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
|
3 |
CVE-2011-3227 |
20 |
|
DoS Exec Code |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. |
|
4 |
CVE-2011-3224 |
|
|
Exec Code |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. |
|
5 |
CVE-2011-3223 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. |
|
6 |
CVE-2011-3222 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. |
|
7 |
CVE-2011-3221 |
94 |
|
DoS Exec Code |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. |
|
8 |
CVE-2011-3220 |
200 |
|
+Info |
2011-10-14 |
2012-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. |
|
9 |
CVE-2011-3218 |
79 |
|
XSS |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |
|
10 |
CVE-2011-3217 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. |
|
11 |
CVE-2011-3216 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. |
|
12 |
CVE-2011-3215 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. |
|
13 |
CVE-2011-3214 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. |
|
14 |
CVE-2011-3213 |
264 |
|
|
2011-10-14 |
2012-01-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. |
|
15 |
CVE-2011-1516 |
264 |
|
|
2011-11-15 |
2012-02-16 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. |
|
16 |
CVE-2011-1417 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-11 |
2012-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. |
|
17 |
CVE-2011-1132 |
|
|
DoS |
2011-06-24 |
2011-10-26 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options. |
|
18 |
CVE-2011-0231 |
200 |
|
+Info |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." |
|
19 |
CVE-2011-0230 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
|
20 |
CVE-2011-0229 |
119 |
|
Exec Code Overflow |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. |
|
21 |
CVE-2011-0224 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. |
|
22 |
CVE-2011-0213 |
119 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-08-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. |
|
23 |
CVE-2011-0211 |
189 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-08-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
|
24 |
CVE-2011-0210 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-06-24 |
2011-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. |
|
25 |
CVE-2011-0209 |
189 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-08-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. |
|
26 |
CVE-2011-0208 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-06-24 |
2011-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. |
|
27 |
CVE-2011-0207 |
310 |
|
+Info |
2011-06-24 |
2011-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. |
|
28 |
CVE-2011-0206 |
119 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-11-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. |
|
29 |
CVE-2011-0205 |
119 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. |
|
30 |
CVE-2011-0204 |
119 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-11-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image. |
|
31 |
CVE-2011-0202 |
189 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. |
|
32 |
CVE-2011-0201 |
189 |
|
DoS Exec Code Overflow |
2011-06-24 |
2011-07-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow. |
|
33 |
CVE-2011-0200 |
189 |
|
DoS Exec Code Overflow |
2011-06-24 |
2012-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. |
|
34 |
CVE-2011-0199 |
20 |
|
|
2011-06-24 |
2011-10-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. |
|
35 |
CVE-2011-0198 |
119 |
|
Exec Code Overflow |
2011-06-24 |
2011-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font. |
|
36 |
CVE-2011-0197 |
200 |
|
+Info |
2011-06-24 |
2011-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. |
|
37 |
CVE-2011-0194 |
189 |
|
DoS Exec Code Overflow |
2011-03-22 |
2011-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. |
|
38 |
CVE-2011-0193 |
119 |
|
DoS Exec Code Overflow |
2011-03-22 |
2011-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. |
|
39 |
CVE-2011-0190 |
20 |
|
|
2011-03-22 |
2011-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. |
|
40 |
CVE-2011-0189 |
16 |
|
|
2011-03-22 |
2011-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. |
|
41 |
CVE-2011-0187 |
200 |
|
Bypass +Info |
2011-03-22 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. |
|
42 |
CVE-2011-0186 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-22 |
2011-08-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. |
|
43 |
CVE-2011-0185 |
134 |
|
+Priv |
2011-10-14 |
2012-01-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. |
|
44 |
CVE-2011-0184 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-22 |
2011-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes. |
|
45 |
CVE-2011-0183 |
189 |
|
DoS |
2011-03-22 |
2011-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." |
|
46 |
CVE-2011-0182 |
20 |
|
+Priv |
2011-03-22 |
2012-02-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. |
|
47 |
CVE-2011-0181 |
189 |
|
DoS Exec Code Overflow |
2011-03-22 |
2011-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. |
|
48 |
CVE-2011-0180 |
189 |
|
Overflow |
2011-03-22 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. |
|
49 |
CVE-2011-0179 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-22 |
2011-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. |
|
50 |
CVE-2011-0178 |
200 |
|
+Info |
2011-03-22 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. |
