Apple: >> Mac Os X >> 10.5.7 Security Vulnerabilities
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
CVSS Score
6.8
EPSS Score
0.024
Published
2011-10-14
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
CVSS Score
2.6
EPSS Score
0.005
Published
2011-10-14
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
CVSS Score
6.8
EPSS Score
0.006
Published
2011-10-14
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
CVSS Score
6.8
EPSS Score
0.014
Published
2011-10-14
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVSS Score
6.8
EPSS Score
0.645
Published
2011-10-14
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
CVSS Score
6.8
EPSS Score
0.003
Published
2011-10-14
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
CVSS Score
5.0
EPSS Score
0.004
Published
2011-10-14
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.015
Published
2011-10-14
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
CVSS Score
5.0
EPSS Score
0.003
Published
2011-10-14
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
CVSS Score
7.6
EPSS Score
0.002
Published
2011-10-14