Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-0973 | | | 0.00 | — | 0.01 | | Mar 15, 2013 | Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. |
| CVE-2013-0971 | | | 0.00 | — | 0.02 | | Mar 15, 2013 | Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. |
| CVE-2013-0967 | | | 0.00 | — | 0.01 | | Mar 15, 2013 | CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. |
| CVE-2013-0966 | | | 0.00 | — | 0.02 | | Mar 15, 2013 | The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. |
| CVE-2012-3723 | | | 0.00 | — | 0.00 | | Sep 20, 2012 | Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. |
| CVE-2012-3722 | | | 0.00 | — | 0.03 | | Sep 20, 2012 | The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with… |
| CVE-2012-3719 | | | 0.00 | — | 0.02 | | Sep 20, 2012 | Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin. |
| CVE-2012-3718 | | | 0.00 | — | 0.00 | | Sep 20, 2012 | Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
| CVE-2012-0650 | | | 0.00 | — | 0.03 | | Sep 20, 2012 | Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |
| CVE-2012-0675 | | | 0.00 | — | 0.02 | | May 11, 2012 | Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. |
| CVE-2012-0662 | | | 0.00 | — | 0.03 | | May 11, 2012 | Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. |
| CVE-2012-0661 | | | 0.00 | — | 0.03 | | May 11, 2012 | Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. |
| CVE-2012-0660 | | | 0.00 | — | 0.03 | | May 11, 2012 | Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
| CVE-2012-0659 | | | 0.00 | — | 0.03 | | May 11, 2012 | Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. |
| CVE-2012-0658 | | | 0.00 | — | 0.04 | | May 11, 2012 | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. |
| CVE-2012-0657 | | | 0.00 | — | 0.00 | | May 11, 2012 | Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
| CVE-2012-0655 | | | 0.00 | — | 0.01 | | May 11, 2012 | libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during… |
| CVE-2012-0654 | | | 0.00 | — | 0.02 | | May 11, 2012 | libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. |
| CVE-2012-0651 | | | 0.00 | — | 0.02 | | May 11, 2012 | The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. |
| CVE-2012-0649 | | | 0.00 | — | 0.00 | | May 11, 2012 | Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. |