Apple » Mac Os X Server » 10.4.8 : Security Vulnerabilities, CVEs, (Code Execution)
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
Max CVSS
9.3
EPSS Score
1.19%
Published
2013-06-05
Updated
2013-06-05
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.
Max CVSS
4.6
EPSS Score
0.06%
Published
2012-09-20
Updated
2017-08-29
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
Max CVSS
6.8
EPSS Score
1.48%
Published
2012-09-20
Updated
2017-08-29
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
Max CVSS
7.5
EPSS Score
11.25%
Published
2012-05-11
Updated
2012-05-30
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
1.94%
Published
2012-05-11
Updated
2012-05-30
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
Max CVSS
6.8
EPSS Score
59.49%
Published
2012-05-11
Updated
2012-05-30
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
Max CVSS
6.8
EPSS Score
1.98%
Published
2012-05-11
Updated
2012-05-30
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
Max CVSS
6.8
EPSS Score
0.82%
Published
2012-05-11
Updated
2017-12-05
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2012-09-20
Updated
2012-09-21
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
Max CVSS
7.5
EPSS Score
5.89%
Published
2012-02-02
Updated
2012-05-18
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
Max CVSS
6.8
EPSS Score
2.90%
Published
2012-02-02
Updated
2012-05-18
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
Max CVSS
6.8
EPSS Score
1.59%
Published
2012-02-02
Updated
2012-05-18
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
Max CVSS
7.5
EPSS Score
2.55%
Published
2012-02-02
Updated
2012-09-22
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
Max CVSS
7.5
EPSS Score
5.88%
Published
2012-02-02
Updated
2018-01-06
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
Max CVSS
6.8
EPSS Score
0.16%
Published
2012-02-02
Updated
2012-02-03
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
Max CVSS
6.8
EPSS Score
0.10%
Published
2012-02-02
Updated
2012-02-03
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-02-02
Updated
2012-02-03
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
2.14%
Published
2011-10-14
Updated
2012-01-14
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
Max CVSS
6.8
EPSS Score
0.99%
Published
2011-10-14
Updated
2012-01-14
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
Max CVSS
2.6
EPSS Score
0.11%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
Max CVSS
6.8
EPSS Score
5.35%
Published
2011-10-14
Updated
2012-01-14
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
Max CVSS
6.8
EPSS Score
1.04%
Published
2011-10-14
Updated
2012-01-14
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
Max CVSS
6.8
EPSS Score
21.75%
Published
2011-03-11
Updated
2012-03-30