CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-5986 20 DoS 2015-09-05 2016-12-31
7.1
None Remote Medium Not required None None Complete
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
2 CVE-2015-5911 2015-09-18 2016-12-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document.
3 CVE-2015-5722 20 DoS 2015-09-05 2016-12-31
7.8
None Remote Low Not required None None Complete
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
4 CVE-2014-4350 119 DoS Exec Code Overflow 2014-09-19 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.
5 CVE-2014-1391 119 DoS Exec Code Overflow Mem. Corr. 2014-09-19 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.
6 CVE-2014-1371 119 DoS Exec Code Overflow 2014-07-01 2015-12-22
7.5
None Remote Low Not required Partial Partial Partial
Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.
7 CVE-2014-1370 119 DoS Exec Code Overflow 2014-07-01 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.
8 CVE-2014-1270 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
9 CVE-2014-1269 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
10 CVE-2014-1268 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
11 CVE-2014-1259 119 DoS Exec Code Overflow 2014-02-27 2014-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
12 CVE-2014-1256 119 Overflow Bypass 2014-02-27 2014-02-27
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
13 CVE-2013-1024 20 DoS Exec Code 2013-06-05 2014-01-28
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
14 CVE-2013-0984 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
9.3
None Remote Medium Not required Complete Complete Complete
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
15 CVE-2013-0975 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
16 CVE-2013-0973 Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
17 CVE-2013-0971 399 DoS Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
18 CVE-2013-0966 Bypass 2013-03-15 2013-03-18
6.4
None Remote Low Not required Partial Partial None
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
19 CVE-2012-3722 399 DoS Exec Code 2012-09-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
20 CVE-2012-3719 20 Exec Code 2012-09-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
21 CVE-2012-3716 119 DoS Exec Code Overflow 2012-09-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
22 CVE-2012-0662 189 DoS Exec Code Overflow Mem. Corr. 2012-05-11 2012-05-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
23 CVE-2012-0661 399 DoS Exec Code 2012-05-11 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
24 CVE-2012-0660 119 DoS Exec Code Overflow 2012-05-11 2012-05-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
25 CVE-2012-0659 189 DoS Exec Code Overflow 2012-05-11 2012-05-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
26 CVE-2012-0658 119 DoS Exec Code Overflow 2012-05-11 2012-05-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
27 CVE-2012-0655 310 2012-05-11 2017-12-05
6.4
None Remote Low Not required Partial Partial None
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.
28 CVE-2012-0654 119 DoS Exec Code Overflow 2012-05-11 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
29 CVE-2012-0650 119 DoS Exec Code Overflow 2012-09-20 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
30 CVE-2012-0649 362 +Priv 2012-05-11 2017-12-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
31 CVE-2011-3463 287 +Priv 2012-02-02 2012-02-03
7.2
None Local Low Not required Complete Complete Complete
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
32 CVE-2011-3460 119 DoS Exec Code Overflow 2012-02-02 2012-05-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
33 CVE-2011-3459 189 DoS Exec Code Overflow 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
34 CVE-2011-3458 264 DoS Exec Code 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
35 CVE-2011-3457 119 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2012-09-22
7.5
None Remote Low Not required Partial Partial Partial
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
36 CVE-2011-3453 189 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2018-01-06
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
37 CVE-2011-3450 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
38 CVE-2011-3449 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
39 CVE-2011-3448 119 DoS Exec Code Overflow 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
40 CVE-2011-3446 DoS Exec Code 2012-02-02 2012-02-03
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
41 CVE-2011-3437 189 Exec Code 2011-10-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
42 CVE-2011-3436 264 Bypass 2011-10-14 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
43 CVE-2011-3228 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
44 CVE-2011-3227 20 DoS Exec Code 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
45 CVE-2011-3226 264 Bypass 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.
46 CVE-2011-3223 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
47 CVE-2011-3222 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
48 CVE-2011-3221 94 DoS Exec Code 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
49 CVE-2011-3217 119 DoS Exec Code Overflow Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
50 CVE-2011-3213 264 2011-10-14 2012-01-14
7.6
None Remote High Not required Complete Complete Complete
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
Total number of vulnerabilities : 374   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.