Apple » Mac Os X Server » 10.4.1 : Security Vulnerabilities, CVEs, CVSS score >= 6
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
Max CVSS
9.3
EPSS Score
1.19%
Published
2013-06-05
Updated
2013-06-05
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Max CVSS
6.8
EPSS Score
1.48%
Published
2012-09-20
Updated
2017-08-29
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
Max CVSS
6.8
EPSS Score
0.60%
Published
2012-09-20
Updated
2017-08-29
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
Max CVSS
7.5
EPSS Score
11.25%
Published
2012-05-11
Updated
2012-05-30
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
1.94%
Published
2012-05-11
Updated
2012-05-30
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
59.49%
Published
2012-05-11
Updated
2012-05-30
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
Max CVSS
6.8
EPSS Score
1.98%
Published
2012-05-11
Updated
2012-05-30
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.
Max CVSS
6.4
EPSS Score
0.25%
Published
2012-05-11
Updated
2017-12-05
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
Max CVSS
6.8
EPSS Score
0.82%
Published
2012-05-11
Updated
2017-12-05
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2012-09-20
Updated
2012-09-21
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-05-11
Updated
2017-12-05
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
Max CVSS
7.5
EPSS Score
6.61%
Published
2012-02-02
Updated
2012-05-18
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
Max CVSS
6.8
EPSS Score
3.27%
Published
2012-02-02
Updated
2012-05-18
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
Max CVSS
6.8
EPSS Score
1.59%
Published
2012-02-02
Updated
2012-05-18
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
Max CVSS
7.5
EPSS Score
2.55%
Published
2012-02-02
Updated
2012-09-22
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
Max CVSS
7.5
EPSS Score
5.88%
Published
2012-02-02
Updated
2018-01-06
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
Max CVSS
6.8
EPSS Score
0.16%
Published
2012-02-02
Updated
2012-02-03
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Max CVSS
6.8
EPSS Score
0.10%
Published
2012-02-02
Updated
2012-02-03
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-02-02
Updated
2012-02-03
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
2.14%
Published
2011-10-14
Updated
2012-01-14
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
Max CVSS
6.8
EPSS Score
0.99%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
Max CVSS
6.8
EPSS Score
5.35%
Published
2011-10-14
Updated
2012-01-14
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
Max CVSS
6.8
EPSS Score
1.04%
Published
2011-10-14
Updated
2012-01-14