CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities (CVSS score between 6 and 6.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-0973 Exec Code 2013-03-15 2013-03-18
6.8
 None Remote Medium Not required Partial Partial Partial
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
2 CVE-2013-0971 399 DoS Exec Code 2013-03-15 2013-03-18
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
3 CVE-2013-0966 Bypass 2013-03-15 2013-03-18
6.4
 None Remote Low Not required Partial Partial None
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
4 CVE-2012-3722 399 DoS Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
5 CVE-2012-3719 20 Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
6 CVE-2012-0661 399 DoS Exec Code 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
7 CVE-2012-0660 119 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
8 CVE-2012-0659 189 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
9 CVE-2012-0658 119 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
10 CVE-2012-0655 310 2012-05-10 2012-05-29
6.4
 None Remote Low Not required Partial Partial None
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.
11 CVE-2012-0654 119 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
12 CVE-2012-0649 362 +Priv 2012-05-10 2012-06-20
6.9
 None Local Medium Not required Complete Complete Complete
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
13 CVE-2011-3459 189 DoS Exec Code Overflow 2012-02-02 2012-05-17
6.8
 None Remote Medium Not required Partial Partial Partial
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
14 CVE-2011-3458 264 DoS Exec Code 2012-02-02 2012-05-17
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
15 CVE-2011-3450 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
 None Remote Medium Not required Partial Partial Partial
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
16 CVE-2011-3449 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
17 CVE-2011-3448 119 DoS Exec Code Overflow 2012-02-02 2012-02-03
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
18 CVE-2011-3437 189 Exec Code 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
19 CVE-2011-3436 264 Bypass 2011-10-14 2012-01-13
6.5
 None Remote Low Single system Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
20 CVE-2011-3228 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
21 CVE-2011-3227 20 DoS Exec Code 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
22 CVE-2011-3226 264 Bypass 2011-10-14 2012-01-13
6.8
 User Remote Medium Not required Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.
23 CVE-2011-3223 119 DoS Exec Code Overflow 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
24 CVE-2011-3222 119 DoS Exec Code Overflow 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
25 CVE-2011-3221 94 DoS Exec Code 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
26 CVE-2011-3217 119 DoS Exec Code Overflow Mem. Corr. 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
27 CVE-2011-1417 189 DoS Exec Code Overflow Mem. Corr. 2011-03-11 2012-03-30
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
28 CVE-2011-0229 119 Exec Code Overflow 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
29 CVE-2011-0224 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
30 CVE-2011-0213 119 DoS Exec Code Overflow 2011-06-24 2011-08-10
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.
31 CVE-2011-0212 399 DoS 2011-06-24 2011-10-26
6.4
 None Remote Low Not required Partial None Partial
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
32 CVE-2011-0211 189 DoS Exec Code Overflow 2011-06-24 2011-08-10
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
33 CVE-2011-0210 119 DoS Exec Code Overflow Mem. Corr. 2011-06-24 2011-10-26
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.
34 CVE-2011-0209 189 DoS Exec Code Overflow 2011-06-24 2011-08-10
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
35 CVE-2011-0208 119 DoS Exec Code Overflow Mem. Corr. 2011-06-24 2011-10-20
6.8
 None Remote Medium Not required Partial Partial Partial
QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
36 CVE-2011-0205 119 DoS Exec Code Overflow 2011-06-24 2011-10-26
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.
37 CVE-2011-0204 119 DoS Exec Code Overflow 2011-06-24 2011-11-23
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.
38 CVE-2011-0202 189 DoS Exec Code Overflow 2011-06-24 2011-07-22
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.
39 CVE-2011-0200 189 DoS Exec Code Overflow 2011-06-24 2012-02-03
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.
40 CVE-2011-0198 119 Exec Code Overflow 2011-06-24 2011-10-26
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
41 CVE-2011-0194 189 DoS Exec Code Overflow 2011-03-22 2011-03-23
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
42 CVE-2011-0193 119 DoS Exec Code Overflow 2011-03-22 2011-03-23
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
43 CVE-2011-0186 119 DoS Exec Code Overflow Mem. Corr. 2011-03-22 2011-08-10
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.
44 CVE-2011-0184 119 DoS Exec Code Overflow Mem. Corr. 2011-03-22 2011-10-20
6.8
 None Remote Medium Not required Partial Partial Partial
QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.
45 CVE-2011-0181 189 DoS Exec Code Overflow 2011-03-22 2011-06-27
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.
46 CVE-2011-0179 119 DoS Exec Code Overflow Mem. Corr. 2011-03-22 2011-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.
47 CVE-2011-0177 119 Exec Code Overflow 2011-03-22 2011-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.
48 CVE-2011-0176 119 Exec Code Overflow 2011-03-22 2011-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.
49 CVE-2011-0175 119 Exec Code Overflow 2011-03-22 2011-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
50 CVE-2011-0174 119 Exec Code Overflow 2011-03-22 2011-03-24
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.
Total number of vulnerabilities : 163   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.