Product:

Mac_os_x_server

(Apple)
Repositories https://github.com/apache/httpd
#Vulnerabilities 664
Date Id Summary Products Score Patch Annotated
2012-02-02 CVE-2011-3449 Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. Mac_os_x, Mac_os_x_server N/A
2012-02-02 CVE-2011-3448 Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. Mac_os_x, Mac_os_x_server N/A
2012-02-02 CVE-2011-3447 CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. Mac_os_x, Mac_os_x_server N/A
2012-02-02 CVE-2011-3446 Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. Mac_os_x, Mac_os_x_server N/A
2012-02-02 CVE-2011-3444 Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. Mac_os_x, Mac_os_x_server N/A
2011-10-14 CVE-2011-3437 Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. Mac_os_x, Mac_os_x_server N/A
2011-10-14 CVE-2011-3436 Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. Mac_os_x, Mac_os_x_server N/A
2011-10-14 CVE-2011-3435 Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. Mac_os_x, Mac_os_x_server N/A
2011-09-12 CVE-2011-3422 The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. Mac_os_x, Mac_os_x_server N/A
2011-10-14 CVE-2011-3246 CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. Iphone_os, Mac_os_x, Mac_os_x_server N/A