Mac Os X
Monthly
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.1%.
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to. Rated medium severity (CVSS 4.4). No vendor patch available.
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling. Rated medium severity (CVSS 4.4). No vendor patch available.
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions. Rated medium severity (CVSS 4.4). No vendor patch available.
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.
Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.4% and no vendor patch available.
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the. Rated medium severity (CVSS 6.9). No vendor patch available.
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Rated medium severity (CVSS 6.9). No vendor patch available.
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.1%.
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to. Rated medium severity (CVSS 4.4). No vendor patch available.
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling. Rated medium severity (CVSS 4.4). No vendor patch available.
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions. Rated medium severity (CVSS 4.4). No vendor patch available.
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.
Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.4% and no vendor patch available.
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the. Rated medium severity (CVSS 6.9). No vendor patch available.
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. Rated medium severity (CVSS 6.9). No vendor patch available.