| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-1787 |
200 |
|
+Info |
2016-03-24 |
2016-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. |
|
2 |
CVE-2016-1777 |
310 |
|
|
2016-03-24 |
2016-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. |
|
3 |
CVE-2016-1776 |
284 |
|
+Info |
2016-03-24 |
2016-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. |
|
4 |
CVE-2016-1774 |
284 |
|
+Info |
2016-03-24 |
2016-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. |
|
5 |
CVE-2015-7031 |
264 |
|
Bypass |
2015-10-23 |
2016-12-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. |
|
6 |
CVE-2015-5911 |
|
|
|
2015-09-18 |
2016-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. |
|
7 |
CVE-2013-5704 |
|
|
Bypass |
2014-04-15 |
2022-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." |
|
8 |
CVE-2013-0984 |
119 |
|
DoS Exec Code Overflow |
2013-06-05 |
2013-06-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. |
|
9 |
CVE-2012-3723 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-09-20 |
2017-08-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. |
|
10 |
CVE-2012-3722 |
399 |
|
DoS Exec Code |
2012-09-20 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
|
11 |
CVE-2012-3719 |
20 |
|
Exec Code |
2012-09-20 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. |
|
12 |
CVE-2012-3718 |
200 |
|
+Info |
2012-09-20 |
2013-06-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
|
13 |
CVE-2012-0675 |
287 |
|
|
2012-05-11 |
2012-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. |
|
14 |
CVE-2012-0662 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-05-11 |
2012-05-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. |
|
15 |
CVE-2012-0660 |
119 |
|
DoS Exec Code Overflow |
2012-05-11 |
2012-05-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
|
16 |
CVE-2012-0659 |
189 |
|
DoS Exec Code Overflow |
2012-05-11 |
2012-05-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
|
17 |
CVE-2012-0658 |
119 |
|
DoS Exec Code Overflow |
2012-05-11 |
2012-05-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. |
|
18 |
CVE-2012-0657 |
264 |
|
Bypass |
2012-05-11 |
2012-05-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
|
19 |
CVE-2012-0655 |
310 |
|
|
2012-05-11 |
2017-12-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. |
|
20 |
CVE-2012-0654 |
119 |
|
DoS Exec Code Overflow |
2012-05-11 |
2017-12-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. |
|
21 |
CVE-2012-0650 |
119 |
|
DoS Exec Code Overflow |
2012-09-20 |
2012-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
|
22 |
CVE-2012-0649 |
362 |
|
+Priv |
2012-05-11 |
2017-12-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. |
|
23 |
CVE-2011-3462 |
|
|
+Info |
2012-02-02 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. |
|
24 |
CVE-2011-3460 |
119 |
|
DoS Exec Code Overflow |
2012-02-02 |
2012-05-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. |
|
25 |
CVE-2011-3459 |
189 |
|
DoS Exec Code Overflow |
2012-02-02 |
2012-05-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow. |
|
26 |
CVE-2011-3458 |
264 |
|
DoS Exec Code |
2012-02-02 |
2012-05-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file. |
|
27 |
CVE-2011-3457 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-02-02 |
2012-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program. |
|
28 |
CVE-2011-3453 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-02-02 |
2018-01-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data. |
|
29 |
CVE-2011-3452 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. |
|
30 |
CVE-2011-3449 |
399 |
|
DoS Exec Code |
2012-02-02 |
2012-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. |
|
31 |
CVE-2011-3448 |
119 |
|
DoS Exec Code Overflow |
2012-02-02 |
2012-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. |
|
32 |
CVE-2011-3446 |
|
|
DoS Exec Code |
2012-02-02 |
2012-02-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. |
|
33 |
CVE-2011-3444 |
310 |
|
|
2012-02-02 |
2012-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. |
|
34 |
CVE-2011-3422 |
20 |
|
|
2011-09-12 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. |
|
35 |
CVE-2011-3228 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-01-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
|
36 |
CVE-2011-3227 |
20 |
|
DoS Exec Code |
2011-10-14 |
2012-01-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. |
|
37 |
CVE-2011-3224 |
|
|
Exec Code |
2011-10-14 |
2012-01-14 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. |
|
38 |
CVE-2011-3223 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. |
|
39 |
CVE-2011-3222 |
119 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. |
|
40 |
CVE-2011-3221 |
94 |
|
DoS Exec Code |
2011-10-14 |
2012-01-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. |
|
41 |
CVE-2011-3220 |
200 |
|
+Info |
2011-10-14 |
2012-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. |
|
42 |
CVE-2011-3218 |
79 |
|
XSS |
2011-10-14 |
2012-01-14 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |
|
43 |
CVE-2011-3217 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-14 |
2012-01-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. |
|
44 |
CVE-2011-3216 |
264 |
|
Bypass |
2011-10-14 |
2012-01-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. |
|
45 |
CVE-2011-3215 |
264 |
|
Bypass |
2011-10-14 |
2012-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. |
|
46 |
CVE-2011-3214 |
264 |
|
Bypass |
2011-10-14 |
2012-01-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. |
|
47 |
CVE-2011-3213 |
264 |
|
|
2011-10-14 |
2012-01-14 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. |
|
48 |
CVE-2011-3026 |
190 |
|
DoS Overflow |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. |
|
49 |
CVE-2011-1417 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-11 |
2012-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. |
|
50 |
CVE-2011-0231 |
200 |
|
+Info |
2011-10-14 |
2012-01-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." |
