Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 121 of 157
CVE-2011-0175 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.6.6, v10.6.0, +5 more | 2011-03-23
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
nvd
CVE-2011-0183 | MEDIUM | CVSS 5.0 | CWE-189 | ≤ 10.6.6, v10.5.8, +6 more | 2011-03-23
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."
nvd
CVE-2011-0186 | MEDIUM | CVSS 4.3 | CWE-787 | fixed in 10.6.7 | 2011-03-23
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.
nvd
CVE-2011-0193 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +5 more | 2011-03-23
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
nvd
CVE-2011-0179 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.6.6, v10.6.0, +5 more | 2011-03-23
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.
nvd
CVE-2011-0180 | LOW | CVSS 2.1 | PoC | CWE-189 | ≤ 10.6.6, v10.6.0, +5 more | 2011-03-23
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
nvd
CVE-2011-0178 | LOW | CVSS 2.1 | CWE-200 | ≤ 10.6.6, v10.6.0, +5 more | 2011-03-23
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
nvd
CVE-2011-1417 | MEDIUM | CVSS 6.8 | CWE-189 | ≤ 10.6.6, v10.6.0, +5 more | 2011-03-11
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, rela
nvd
CVE-2010-4754 | MEDIUM | CVSS 4.0 | ≤ 10.6.7 | 2011-03-02
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a
nvd
CVE-2010-4013 | MEDIUM | CVSS 6.8 | CWE-134 | v10.6.0, v10.6.1, +4 more | 2011-01-10
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.
nvd
CVE-2010-4494 | HIGH | CVSS 7.5 | CWE-415 | fixed in 10.6.7 | 2010-12-07
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
nvd
CVE-2010-4008 | MEDIUM | CVSS 4.3 | CWE-119 | fixed in 10.6.7 | 2010-11-17
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
nvd
CVE-2010-1844 | HIGH | CVSS 7.1 | CWE-20 | v10.6.0, v10.6.1, +3 more | 2010-11-16
Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.
nvd
CVE-2010-1843 | HIGH | CVSS 7.8 | CWE-20 | v10.6.2, v10.6.3, +1 more | 2010-11-16
Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.
nvd
CVE-2010-3788 | MEDIUM | CVSS 6.8 | CWE-20 | v10.6.0, v10.6.1, +3 more | 2010-11-16
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.
nvd
CVE-2010-3786 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +3 more | 2010-11-16
QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.
nvd
CVE-2010-1846 | MEDIUM | CVSS 6.8 | CWE-119 | v10.5.8, v10.6.0, +4 more | 2010-11-16
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.
nvd
CVE-2010-3793 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +3 more | 2010-11-16
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.
nvd
CVE-2010-3792 | MEDIUM | CVSS 6.8 | CWE-189 | v10.6.0, v10.6.1, +3 more | 2010-11-16
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
nvd
CVE-2010-3796 | MEDIUM | CVSS 4.3 | CWE-200 | v10.5.8, v10.6.0, +4 more | 2010-11-16
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.
nvd