CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X » 10.7.3 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-4460 200 +Info 2014-11-18 2017-08-29
2.1
None Local Low Not required Partial None None
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
2 CVE-2014-4458 200 +Info 2014-11-18 2017-08-29
5.0
None Remote Low Not required Partial None None
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.
3 CVE-2014-4453 200 +Info 2014-11-18 2017-08-29
5.0
None Remote Low Not required Partial None None
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
4 CVE-2014-1371 119 DoS Exec Code Overflow 2014-07-01 2015-12-22
7.5
None Remote Low Not required Partial Partial Partial
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
5 CVE-2014-1370 119 DoS Exec Code Overflow 2014-07-01 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
6 CVE-2014-1296 264 Bypass 2014-04-23 2019-03-08
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
7 CVE-2014-1270 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
8 CVE-2014-1269 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
9 CVE-2014-1268 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
10 CVE-2014-1265 264 Bypass 2014-02-27 2014-02-27
4.6
None Local Low Not required Partial Partial Partial
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
11 CVE-2014-1259 119 DoS Exec Code Overflow 2014-02-27 2014-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
12 CVE-2014-1256 119 Overflow Bypass 2014-02-27 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
13 CVE-2013-1024 20 DoS Exec Code 2013-06-05 2014-01-28
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
14 CVE-2013-0990 264 2013-06-05 2013-06-05
4.9
None Remote Medium ??? None Partial Partial
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
15 CVE-2013-0982 200 Bypass +Info 2013-06-05 2013-06-05
1.7
None Local Low ??? Partial None None
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
16 CVE-2013-0975 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
17 CVE-2013-0973 Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
18 CVE-2013-0971 399 DoS Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
19 CVE-2013-0967 Bypass 2013-03-15 2013-03-18
4.3
None Remote Medium Not required None Partial None
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.
20 CVE-2013-0966 Bypass 2013-03-15 2013-03-18
6.4
None Remote Low Not required Partial Partial None
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
21 CVE-2012-3723 119 DoS Exec Code Overflow Mem. Corr. 2012-09-20 2017-08-29
4.6
None Local Low Not required Partial Partial Partial
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.
22 CVE-2012-3722 399 DoS Exec Code 2012-09-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
23 CVE-2012-3721 287 2012-09-20 2017-08-29
5.0
None Remote Low Not required Partial None None
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.
24 CVE-2012-3720 255 2012-09-20 2012-09-21
4.3
None Remote Medium Not required Partial None None
Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account.
25 CVE-2012-3719 20 Exec Code 2012-09-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
26 CVE-2012-3718 200 +Info 2012-09-20 2013-06-06
2.1
None Local Low Not required Partial None None
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
27 CVE-2012-3716 119 DoS Exec Code Overflow 2012-09-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
28 CVE-2012-0656 362 2012-05-11 2017-12-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
29 CVE-2012-0652 200 +Info 2012-05-11 2017-12-05
4.9
None Local Low Not required Complete None None
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
Total number of vulnerabilities : 29   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.