Apple: >> Mac Os X Server >> 5.0.14 Security Vulnerabilities
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
CVSS Score
6.8
EPSS Score
0.014
Published
2011-10-14
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
CVSS Score
6.8
EPSS Score
0.018
Published
2011-10-14
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.
CVSS Score
4.3
EPSS Score
0.004
Published
2011-09-12
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
CVSS Score
6.8
EPSS Score
0.014
Published
2011-06-24
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.
CVSS Score
6.8
EPSS Score
0.021
Published
2011-06-24
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVSS Score
7.5
EPSS Score
0.085
Published
2011-06-21
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.
CVSS Score
7.2
EPSS Score
0.004
Published
2011-03-23
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."
CVSS Score
5.0
EPSS Score
0.007
Published
2011-03-23
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.
CVSS Score
4.3
EPSS Score
0.01
Published
2011-03-23
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
CVSS Score
4.3
EPSS Score
0.006
Published
2011-03-23