CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2011-3463 287 +Priv 2012-02-02 2012-02-03
7.2
None Local Low Not required Complete Complete Complete
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
52 CVE-2011-3462 +Info 2012-02-02 2012-02-03
5.0
None Remote Low Not required Partial None None
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.
53 CVE-2011-3460 119 DoS Exec Code Overflow 2012-02-02 2012-05-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
54 CVE-2011-3459 189 DoS Exec Code Overflow 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
55 CVE-2011-3458 264 DoS Exec Code 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
56 CVE-2011-3457 119 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2012-09-22
7.5
None Remote Low Not required Partial Partial Partial
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
57 CVE-2011-3453 189 DoS Exec Code Overflow Mem. Corr. 2012-02-02 2018-01-06
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
58 CVE-2011-3452 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
59 CVE-2011-3450 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
60 CVE-2011-3449 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
61 CVE-2011-3448 119 DoS Exec Code Overflow 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
62 CVE-2011-3447 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
63 CVE-2011-3446 DoS Exec Code 2012-02-02 2012-02-03
7.5
None Remote Low Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
64 CVE-2011-3444 310 2012-02-02 2012-02-06
4.3
None Remote Medium Not required Partial None None
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
65 CVE-2011-3437 189 Exec Code 2011-10-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
66 CVE-2011-3436 264 Bypass 2011-10-14 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
67 CVE-2011-3435 255 2011-10-14 2017-08-29
2.1
None Local Low Not required Partial None None
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
68 CVE-2011-3422 20 2011-09-12 2017-08-29
4.3
None Remote Medium Not required None Partial None
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.
69 CVE-2011-3246 200 +Info 2011-10-14 2017-08-29
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
70 CVE-2011-3228 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
71 CVE-2011-3227 20 DoS Exec Code 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
72 CVE-2011-3226 264 Bypass 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.
73 CVE-2011-3225 264 Bypass 2011-10-14 2012-01-14
5.0
None Remote Low Not required Partial None None
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account.
74 CVE-2011-3224 Exec Code 2011-10-14 2012-01-14
2.6
None Remote High Not required None Partial None
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
75 CVE-2011-3223 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
76 CVE-2011-3222 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
77 CVE-2011-3221 94 DoS Exec Code 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
78 CVE-2011-3220 200 +Info 2011-10-14 2012-01-14
4.3
None Remote Medium Not required Partial None None
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
79 CVE-2011-3218 79 XSS 2011-10-14 2012-01-14
2.6
None Remote High Not required None Partial None
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
80 CVE-2011-3217 119 DoS Exec Code Overflow Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
81 CVE-2011-3216 264 Bypass 2011-10-14 2012-01-14
2.1
None Local Low Not required None Partial None
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
82 CVE-2011-3215 264 Bypass 2011-10-14 2012-01-14
2.1
None Local Low Not required Partial None None
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.
83 CVE-2011-3214 264 Bypass 2011-10-14 2012-01-14
4.6
None Local Low Not required Partial Partial Partial
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.
84 CVE-2011-3213 264 2011-10-14 2012-01-14
7.6
None Remote High Not required Complete Complete Complete
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
85 CVE-2011-3212 310 +Info 2011-10-14 2012-05-12
2.1
None Local Low Not required Partial None None
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.
86 CVE-2011-3026 190 DoS Overflow 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
87 CVE-2011-1417 189 DoS Exec Code Overflow Mem. Corr. 2011-03-11 2012-03-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
88 CVE-2011-1132 DoS 2011-06-24 2011-10-27
4.9
None Local Low Not required None None Complete
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.
89 CVE-2011-0260 264 Bypass 2011-10-14 2012-01-14
4.6
None Local Low Not required Partial Partial Partial
The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.
90 CVE-2011-0231 200 +Info 2011-10-14 2012-01-14
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
91 CVE-2011-0230 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
92 CVE-2011-0229 119 Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
93 CVE-2011-0224 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
94 CVE-2011-0213 119 DoS Exec Code Overflow 2011-06-24 2011-08-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.
95 CVE-2011-0212 399 DoS 2011-06-24 2011-10-27
6.4
None Remote Low Not required Partial None Partial
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
96 CVE-2011-0211 189 DoS Exec Code Overflow 2011-06-24 2011-08-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
97 CVE-2011-0210 119 DoS Exec Code Overflow Mem. Corr. 2011-06-24 2011-10-27
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.
98 CVE-2011-0209 189 DoS Exec Code Overflow 2011-06-24 2011-08-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
99 CVE-2011-0208 119 DoS Exec Code Overflow Mem. Corr. 2011-06-24 2011-10-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
100 CVE-2011-0207 310 +Info 2011-06-24 2011-10-27
5.0
None Remote Low Not required Partial None None
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.
Total number of vulnerabilities : 627   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.