Apple: >> Mac Os X Server >> 10.6.8 Security Vulnerabilities
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
CVSS Score
2.1
EPSS Score
0.001
Published
2012-05-11
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
CVSS Score
6.8
EPSS Score
0.015
Published
2012-05-11
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
CVSS Score
6.8
EPSS Score
0.018
Published
2012-05-11
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
CVSS Score
6.8
EPSS Score
0.018
Published
2012-05-11
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
CVSS Score
7.5
EPSS Score
0.017
Published
2012-05-11
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-05-11
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
CVSS Score
6.9
EPSS Score
0.0
Published
2012-05-11
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
CVSS Score
5.0
EPSS Score
0.005
Published
2012-05-11
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
CVSS Score
6.8
EPSS Score
0.006
Published
2012-05-11
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.
CVSS Score
6.4
EPSS Score
0.002
Published
2012-05-11