National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.6.4
There are 165 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2011-3214

IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.

Published: October 14, 2011; 06:55:08 AM -04:00
    V2: 4.6 MEDIUM
CVE-2011-3213

The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.

Published: October 14, 2011; 06:55:08 AM -04:00
    V2: 7.6 HIGH
CVE-2011-0231

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

Published: October 14, 2011; 06:55:08 AM -04:00
    V2: 5.0 MEDIUM
CVE-2011-0230

Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Published: October 14, 2011; 06:55:08 AM -04:00
    V2: 7.5 HIGH
CVE-2011-0229

Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.

Published: October 14, 2011; 06:55:07 AM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0224

CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.

Published: October 14, 2011; 06:55:07 AM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0185

Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.

Published: October 14, 2011; 06:55:07 AM -04:00
    V2: 4.4 MEDIUM
CVE-2011-3422

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.

Published: September 12, 2011; 08:40:44 AM -04:00
    V2: 4.3 MEDIUM
CVE-2011-1132

The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 4.9 MEDIUM
CVE-2011-0213

Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0212

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.4 MEDIUM
CVE-2011-0211

Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0210

QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0209

Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0208

QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0207

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-0206

Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 7.5 HIGH
CVE-2011-0205

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0204

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-0203

Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.

Published: June 24, 2011; 04:55:02 PM -04:00
    V2: 5.0 MEDIUM