Mac Os X Server@10.7.2 Security Vulnerabilities and Issues — Mac Os X Server@10.7.2 CVE List

Lucene search

AppleMac Os X Server10.7.2

18 matches found

CVE•added 2012/05/11 3:49 a.m.•125 views

CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8CVSS8.5AI score0.01774EPSS

CVE•added 2012/09/20 9:55 p.m.•56 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS

CVE•added 2012/02/02 6:55 p.m.•50 views

CVE-2011-3463

WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.

7.2CVSS5.9AI score0.00108EPSS

CVE•added 2012/05/11 3:49 a.m.•48 views

CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

2.1CVSS7.7AI score0.00075EPSS

CVE•added 2012/05/11 3:49 a.m.•47 views

CVE-2012-0654

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

6.8CVSS8.5AI score0.00562EPSS

CVE•added 2012/05/11 3:49 a.m.•46 views

CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that...

6.4CVSS7.8AI score0.00227EPSS

CVE•added 2012/05/11 3:49 a.m.•46 views

CVE-2012-0658

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

6.8CVSS8.7AI score0.01482EPSS

CVE•added 2012/05/11 3:49 a.m.•46 views

CVE-2012-0660

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8CVSS8.4AI score0.01774EPSS

CVE•added 2012/05/11 3:49 a.m.•45 views

CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

4.3CVSS7.7AI score0.00314EPSS

CVE•added 2012/09/20 9:55 p.m.•45 views

CVE-2012-3719

Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

6.8CVSS7.3AI score0.00447EPSS

CVE•added 2012/05/11 3:49 a.m.•44 views

CVE-2012-0649

Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

6.9CVSS7.3AI score0.00035EPSS

CVE•added 2012/05/11 3:49 a.m.•43 views

CVE-2012-0661

Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

6.8CVSS8.4AI score0.01993EPSS

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

4.6CVSS7.7AI score0.00075EPSS

CVE•added 2012/02/02 6:55 p.m.•41 views

CVE-2011-3447

CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.

4.3CVSS5.5AI score0.0038EPSS

CVE•added 2012/05/11 3:49 a.m.•41 views

CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

7.5CVSS8.9AI score0.01739EPSS

CVE•added 2012/09/20 9:55 p.m.•41 views

CVE-2012-3716

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

7.5CVSS7.6AI score0.15261EPSS

CVE•added 2012/02/02 6:55 p.m.•40 views

CVE-2011-3450

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.

6.8CVSS6.9AI score0.00867EPSS

CVE•added 2012/09/20 9:55 p.m.•38 views

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

2.1CVSS5.8AI score0.00061EPSS