Vulnerabilities > Apple > MAC OS X > 10.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-02-02 | CVE-2011-3444 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. | 4.3 |
2011-11-15 | CVE-2011-1516 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. | 7.6 |
2011-10-14 | CVE-2011-3437 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. | 6.8 |
2011-10-14 | CVE-2011-3436 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. | 6.5 |
2011-10-14 | CVE-2011-3435 | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. | 2.1 |
2011-10-14 | CVE-2011-3246 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | 5.0 |
2011-10-14 | CVE-2011-3228 | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 6.8 |
2011-10-14 | CVE-2011-3227 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. | 6.8 |
2011-10-14 | CVE-2011-3226 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | 6.8 |
2011-10-14 | CVE-2011-3225 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | 5.0 |