Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AppleMac Os X10.7.0

73 matches found

CVE
CVEadded 2012/05/11 3:49 a.m.43 views

CVE-2012-0661

Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

6.8CVSS8.4AI score0.01993EPSS
CVE
CVEadded 2012/09/20 9:55 p.m.43 views

CVE-2012-3721

Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.

5CVSS6.2AI score0.00228EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.43 views

CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

6.8CVSS6.5AI score0.0035EPSS
CVE
CVEadded 2014/02/27 1:55 a.m.43 views

CVE-2014-1256

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

7.5CVSS6.3AI score0.00378EPSS
CVE
CVEadded 2011/10/14 10:55 a.m.42 views

CVE-2011-3228

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

6.8CVSS8.7AI score0.01383EPSS
CVE
CVEadded 2012/02/02 6:55 p.m.42 views

CVE-2011-3458

QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.

6.8CVSS6.7AI score0.01046EPSS
CVE
CVEadded 2012/09/20 9:55 p.m.42 views

CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

4.6CVSS7.7AI score0.00075EPSS
CVE
CVEadded 2013/06/05 2:39 p.m.42 views

CVE-2013-1024

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

6.8CVSS7.4AI score0.00901EPSS
CVE
CVEadded 2014/02/27 1:55 a.m.42 views

CVE-2014-1265

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

4.6CVSS5.8AI score0.00054EPSS
CVE
CVEadded 2014/07/01 10:17 a.m.42 views

CVE-2014-1371

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

7.5CVSS7.6AI score0.00788EPSS
CVE
CVEadded 2011/10/14 10:55 a.m.41 views

CVE-2011-0231

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

5CVSS7.8AI score0.00291EPSS
CVE
CVEadded 2012/02/02 6:55 p.m.41 views

CVE-2011-3447

CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.

4.3CVSS5.5AI score0.0038EPSS
CVE
CVEadded 2012/05/11 3:49 a.m.41 views

CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

7.5CVSS8.9AI score0.01739EPSS
CVE
CVEadded 2012/09/20 9:55 p.m.41 views

CVE-2012-3716

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

7.5CVSS7.6AI score0.15261EPSS
CVE
CVEadded 2014/11/18 11:59 a.m.41 views

CVE-2014-4458

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.0056EPSS
CVE
CVEadded 2011/10/14 10:55 a.m.40 views

CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-m...

6.8CVSS8.5AI score0.0063EPSS
CVE
CVEadded 2012/02/02 6:55 p.m.40 views

CVE-2011-3450

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.

6.8CVSS6.9AI score0.00867EPSS
CVE
CVEadded 2012/02/02 6:55 p.m.39 views

CVE-2011-3452

Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.

4.3CVSS5.7AI score0.0038EPSS
CVE
CVEadded 2012/05/11 3:49 a.m.39 views

CVE-2012-0656

Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.

6.9CVSS7.8AI score0.00039EPSS
CVE
CVEadded 2012/09/20 9:55 p.m.38 views

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

2.1CVSS5.8AI score0.00061EPSS
CVE
CVEadded 2011/10/14 10:55 a.m.36 views

CVE-2011-3216

The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.

2.1CVSS7.5AI score0.00058EPSS
CVE
CVEadded 2012/09/20 9:55 p.m.36 views

CVE-2012-3720

Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account.

4.3CVSS6.4AI score0.00236EPSS
CVE
CVEadded 2012/02/02 6:55 p.m.34 views

CVE-2011-3449

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8CVSS6.8AI score0.00872EPSS
Total number of security vulnerabilities73