Apple Mac Os X Server vulnerabilities
654 known vulnerabilities affecting apple/mac_os_x_server.
Total CVEs: 654
CISA KEV: 0
Public exploits: 49
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59
Vulnerabilities
Page 4 of 33
CVE-2011-3458 | MEDIUM | CVSS 6.8 | CWE-264 | ≤ 10.7.2, v10.7.0, +1 more | 2012-02-02
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
nvd
CVE-2011-3459 | MEDIUM | CVSS 6.8 | CWE-189 | ≤ 10.7.2, v10.6.0, +10 more | 2012-02-02
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
nvd
CVE-2011-3448 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.7.2, v10.6.0, +10 more | 2012-02-02
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
nvd
CVE-2011-3444 | MEDIUM | CVSS 4.3 | CWE-310 | ≤ 10.7.2, v10.7.0, +1 more | 2012-02-02
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
nvd
CVE-2011-3449 | MEDIUM | CVSS 6.8 | CWE-399 | ≤ 10.7.2, v10.7.0, +1 more | 2012-02-02
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
nvd
CVE-2011-3447 | MEDIUM | CVSS 4.3 | CWE-200 | v10.7.0, v10.7.1, +1 more | 2012-02-02
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
nvd
CVE-2011-3462 | MEDIUM | CVSS 5.0 | ≤ 10.7.2, v10.7.0, +1 more | 2012-02-02
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.
nvd
CVE-2011-3450 | MEDIUM | CVSS 6.8 | CWE-399 | v10.7.0, v10.7.1, +1 more | 2012-02-02
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
nvd
CVE-2011-3452 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 10.7.2, v10.7.0, +1 more | 2012-02-02
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
nvd
CVE-2011-0230 | HIGH | CVSS 7.5 | CWE-119 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2011-3213 | HIGH | CVSS 7.6 | CWE-264 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
nvd
CVE-2011-3223 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
nvd
CVE-2011-3220 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
nvd
CVE-2011-3226 | MEDIUM | CVSS 6.8 | CWE-264 | v10.7.0, v10.7.1 | 2011-10-14
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.
nvd
CVE-2011-3217 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.6.8, v10.0, +64 more | 2011-10-14
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
nvd
CVE-2011-3436 | MEDIUM | CVSS 6.5 | CWE-264 | v10.7.0, v10.7.1 | 2011-10-14
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
nvd
CVE-2011-0231 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
nvd
CVE-2011-3222 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
nvd
CVE-2011-3225 | MEDIUM | CVSS 5.0 | CWE-264 | v10.7.0, v10.7.1 | 2011-10-14
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account.
nvd
CVE-2011-3228 | MEDIUM | CVSS 6.8 | CWE-94 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
nvd