VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2013-0973 (Mar 15, 2013)
    risk 0.00 cvss epss 0.01

    Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

  • CVE-2013-0971 (Mar 15, 2013)
    risk 0.00 cvss epss 0.02

    Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.

  • CVE-2013-0967 (Mar 15, 2013)
    risk 0.00 cvss epss 0.01

    CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.

  • CVE-2013-0966 (Mar 15, 2013)
    risk 0.00 cvss epss 0.02

    The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.

  • CVE-2012-3723 (Sep 20, 2012)
    risk 0.00 cvss epss 0.00

    Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

  • CVE-2012-3722 (Sep 20, 2012)
    risk 0.00 cvss epss 0.03

    The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with…

  • CVE-2012-3719 (Sep 20, 2012)
    risk 0.00 cvss epss 0.02

    Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

  • CVE-2012-3718 (Sep 20, 2012)
    risk 0.00 cvss epss 0.00

    Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

  • CVE-2012-0650 (Sep 20, 2012)
    risk 0.00 cvss epss 0.03

    Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2012-0675 (May 11, 2012)
    risk 0.00 cvss epss 0.02

    Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

  • CVE-2012-0662 (May 11, 2012)
    risk 0.00 cvss epss 0.03

    Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

  • CVE-2012-0661 (May 11, 2012)
    risk 0.00 cvss epss 0.03

    Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

  • CVE-2012-0660 (May 11, 2012)
    risk 0.00 cvss epss 0.03

    Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

  • CVE-2012-0659 (May 11, 2012)
    risk 0.00 cvss epss 0.03

    Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

  • CVE-2012-0658 (May 11, 2012)
    risk 0.00 cvss epss 0.04

    Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

  • CVE-2012-0657 (May 11, 2012)
    risk 0.00 cvss epss 0.00

    Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

  • CVE-2012-0655 (May 11, 2012)
    risk 0.00 cvss epss 0.01

    libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during…

  • CVE-2012-0654 (May 11, 2012)
    risk 0.00 cvss epss 0.02

    libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

  • CVE-2012-0651 (May 11, 2012)
    risk 0.00 cvss epss 0.02

    The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.

  • CVE-2012-0649 (May 11, 2012)
    risk 0.00 cvss epss 0.00

    Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

Page 8 of 34