U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 71 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2014-1371

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

Published: July 01, 2014; 6:17:27 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1370

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.

Published: July 01, 2014; 6:17:27 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

Published: April 23, 2014; 7:52:59 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1270

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1269

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1268

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1265

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.

Published: February 26, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2014-1259

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1256

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

Published: February 26, 2014; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-1024

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0990

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 1.7 LOW
CVE-2013-0975

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Published: June 05, 2013; 10:39:55 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

Published: March 15, 2013; 4:55:11 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0971

Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.

Published: March 15, 2013; 4:55:11 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0967

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.

Published: March 15, 2013; 4:55:10 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0966

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.

Published: March 15, 2013; 4:55:10 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-3489

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

Published: October 03, 2012; 5:55:00 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

Published: September 20, 2012; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

Published: September 20, 2012; 5:55:03 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM