Apple Mac OS X Server vulnerabilities

654 known vulnerabilities affecting apple/mac_os_x_server.

Total CVEs: 654
CISA KEV: 0
Public exploits: 49
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59

Vulnerabilities

Page 2 of 33
CVE-2014-0067 | MEDIUM | CVSS 4.6 | v5.0.3 | 2014-03-31
CVE-2014-0067 [MEDIUM] CWE-264: The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
nvd
CVE-2014-1256 | HIGH | CVSS 7.5 | v10.7.0, v10.7.1 +4 more | 2014-02-27
CVE-2014-1256 [HIGH] CWE-119: Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
nvd
CVE-2014-1265 | MEDIUM | CVSS 4.6 | v10.7.0, v10.7.1 +4 more | 2014-02-27
CVE-2014-1265 [MEDIUM] CWE-264: The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.
nvd
CVE-2014-1259 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 +4 more | 2014-02-27
CVE-2014-1259 [MEDIUM] CWE-119: Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
nvd
CVE-2014-1269 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 +4 more | 2014-02-27
CVE-2014-1269 [MEDIUM]: WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
nvd
CVE-2014-1270 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 +4 more | 2014-02-27
CVE-2014-1270 [MEDIUM]: WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.
nvd
CVE-2014-1268 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 +4 more | 2014-02-27
CVE-2014-1268 [MEDIUM] CWE-119: WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.
nvd
CVE-2013-0984 | CRITICAL | CVSS 9.3 | PoC | ≤ 10.6.8, v10.0 +64 more | 2013-06-05
CVE-2013-0984 [CRITICAL] CWE-119: Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
nvd
CVE-2013-1024 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 +4 more | 2013-06-05
CVE-2013-1024 [MEDIUM] CWE-20: CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
nvd
CVE-2013-0975 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 +4 more | 2013-06-05
CVE-2013-0975 [MEDIUM] CWE-119: Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
nvd
CVE-2013-0990 | MEDIUM | CVSS 4.9 | v10.7.0, v10.7.1 +4 more | 2013-06-05
CVE-2013-0990 [MEDIUM] CWE-264: SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
nvd
CVE-2013-0982 | LOW | CVSS 1.7 | v10.7.0, v10.7.1 +4 more | 2013-06-05
CVE-2013-0982 [LOW] CWE-200: The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
nvd
CVE-2013-0966 | MEDIUM | CVSS 6.4 | v10.6.8, v10.7.0 +5 more | 2013-03-15
CVE-2013-0966 [MEDIUM]: The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
nvd
CVE-2013-0967 | MEDIUM | CVSS 4.3 | v10.7.0, v10.7.1 +2 more | 2013-03-15
CVE-2013-0967 [MEDIUM]: CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.
nvd
CVE-2013-0973 | MEDIUM | CVSS 6.8 | v10.6.8, v10.7.0 +5 more | 2013-03-15
CVE-2013-0973 [MEDIUM]: Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
nvd
CVE-2013-0971 | MEDIUM | CVSS 6.8 | v10.6.8, v10.7.0 +5 more | 2013-03-15
CVE-2013-0971 [MEDIUM] CWE-399: Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
nvd
CVE-2012-3489 | MEDIUM | CVSS 6.5 | ≥ 10.7.0, ≤ 10.7.5; v10.6.8 | 2012-10-03
CVE-2012-3489 [MEDIUM] CWE-611: The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers
nvd
CVE-2012-3716 | HIGH | CVSS 7.5 | v10.7.0, v10.7.1 +3 more | 2012-09-20
CVE-2012-3716 [HIGH] CWE-119: CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
nvd
CVE-2012-0650 | HIGH | CVSS 7.5 | ≤ 10.6.8, v10.0 +64 more | 2012-09-20
CVE-2012-0650 [HIGH] CWE-119: Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2012-3722 | MEDIUM | CVSS 6.8 | ≤ 10.7.4, v10.0 +69 more | 2012-09-20
CVE-2012-3722 [MEDIUM] CWE-399: The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
nvd