VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2011-0183Mar 23, 2011
    risk 0.00cvss epss 0.02

    Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."

  • CVE-2011-0181Mar 23, 2011
    risk 0.00cvss epss 0.03

    Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.

  • CVE-2011-0179Mar 23, 2011
    risk 0.00cvss epss 0.02

    CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.

  • CVE-2011-0178Mar 23, 2011
    risk 0.00cvss epss 0.00

    The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

  • CVE-2011-0177Mar 23, 2011
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.

  • CVE-2011-0176Mar 23, 2011
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.

  • CVE-2011-0175Mar 23, 2011
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.

  • CVE-2011-0174Mar 23, 2011
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.

  • CVE-2011-0173Mar 23, 2011
    risk 0.00cvss epss 0.02

    Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in…

  • CVE-2011-0172Mar 23, 2011
    risk 0.00cvss epss 0.01

    AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.

  • CVE-2011-1417Mar 11, 2011
    risk 0.00cvss epss 0.05

    Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft…

  • CVE-2010-4013Jan 10, 2011
    risk 0.00cvss epss 0.02

    Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.

  • CVE-2010-4011Nov 17, 2010
    risk 0.00cvss epss 0.01

    Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a…

  • CVE-2010-4010Nov 16, 2010
    risk 0.00cvss epss 0.03

    Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.

  • CVE-2010-3798Nov 16, 2010
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.

  • CVE-2010-3797Nov 16, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-3796Nov 16, 2010
    risk 0.00cvss epss 0.01

    Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.

  • CVE-2010-3795Nov 16, 2010
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

  • CVE-2010-3794Nov 16, 2010
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

  • CVE-2010-3793Nov 16, 2010
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.

Page 12 of 34