Apple » Mac Os X Server » 10.6.4 : Security Vulnerabilities, CVEs, Published In 2011 (Information Leak)
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
Max CVSS
4.3
EPSS Score
0.94%
Published
2011-10-14
Updated
2012-01-14
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
Max CVSS
5.0
EPSS Score
0.15%
Published
2011-10-14
Updated
2012-01-14
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-06-24
Updated
2011-10-27
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
Max CVSS
4.3
EPSS Score
0.45%
Published
2011-03-23
Updated
2011-10-21
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-03-23
Updated
2011-03-24
5 vulnerabilities found