National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.7.0
There are 94 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2014-1371

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

Published: July 01, 2014; 06:17:27 AM -04:00
    V2: 7.5 HIGH
CVE-2014-1370

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.

Published: July 01, 2014; 06:17:27 AM -04:00
    V2: 6.8 MEDIUM
CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

Published: April 23, 2014; 07:52:59 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-1270

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.

Published: February 26, 2014; 08:55:04 PM -05:00
    V2: 6.8 MEDIUM
CVE-2014-1269

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.

Published: February 26, 2014; 08:55:04 PM -05:00
    V2: 6.8 MEDIUM
CVE-2014-1268

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

Published: February 26, 2014; 08:55:04 PM -05:00
    V2: 6.8 MEDIUM
CVE-2014-1265

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

Published: February 26, 2014; 08:55:04 PM -05:00
    V2: 4.6 MEDIUM
CVE-2014-1259

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

Published: February 26, 2014; 08:55:03 PM -05:00
    V2: 6.8 MEDIUM
CVE-2014-1256

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Published: February 26, 2014; 08:55:03 PM -05:00
    V2: 7.5 HIGH
CVE-2013-1024

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 6.8 MEDIUM
CVE-2013-0990

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 4.9 MEDIUM
CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 1.7 LOW
CVE-2013-0975

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Published: June 05, 2013; 10:39:55 AM -04:00
    V2: 6.8 MEDIUM
CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

Published: March 15, 2013; 04:55:11 PM -04:00
    V2: 6.8 MEDIUM
CVE-2013-0971

Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.

Published: March 15, 2013; 04:55:11 PM -04:00
    V2: 6.8 MEDIUM
CVE-2013-0967

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.

Published: March 15, 2013; 04:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-0966

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.

Published: March 15, 2013; 04:55:10 PM -04:00
    V2: 6.4 MEDIUM
CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

Published: September 20, 2012; 05:55:03 PM -04:00
    V2: 4.6 MEDIUM
CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

Published: September 20, 2012; 05:55:03 PM -04:00
    V2: 6.8 MEDIUM
CVE-2012-3719

Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

Published: September 20, 2012; 05:55:02 PM -04:00
    V2: 6.8 MEDIUM