Mac Os X Server Security Vulnerabilities and Issues — Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

9 matches found

CVE•added 2013/06/05 2:39 p.m.•64 views

CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

1.7CVSS6.3AI score0.00053EPSS

CVE•added 2013/03/15 8:55 p.m.•56 views

CVE-2013-0966

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.

6.4CVSS6.3AI score0.00241EPSS

CVE•added 2013/03/15 8:55 p.m.•52 views

CVE-2013-0971

Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.

6.8CVSS7.6AI score0.0147EPSS

CVE•added 2013/06/05 2:39 p.m.•52 views

CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

9.3CVSS7.5AI score0.09856EPSS

CVE•added 2013/06/05 2:39 p.m.•50 views

CVE-2013-0975

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

6.8CVSS7.8AI score0.00892EPSS

CVE•added 2013/03/15 8:55 p.m.•49 views

CVE-2013-0967

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.

4.3CVSS6.2AI score0.00327EPSS

CVE•added 2013/06/05 2:39 p.m.•49 views

CVE-2013-0990

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

4.9CVSS5.8AI score0.00432EPSS

CVE•added 2013/03/15 8:55 p.m.•43 views

CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

6.8CVSS6.5AI score0.0035EPSS

CVE•added 2013/06/05 2:39 p.m.•42 views

CVE-2013-1024

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

6.8CVSS7.4AI score0.00901EPSS