Apple Mac OS X Server vulnerabilities

654 known vulnerabilities affecting apple/mac_os_x_server.

Total CVEs: 654
CISA KEV: 0
Public exploits: 49
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59

Vulnerabilities

Page 5 of 33
CVE-2011-0229 | MEDIUM | CVSS 6.8 | ≤ 10.6.8, v10.0, +64 more | 2011-10-14
CWE-119: Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
nvd
CVE-2011-3221 | MEDIUM | CVSS 6.8 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
CWE-94: QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
nvd
CVE-2011-3227 | MEDIUM | CVSS 6.8 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
CWE-20: libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation List (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message.
nvd
CVE-2011-3214 | MEDIUM | CVSS 4.6 | ≤ 10.6.8, v10.0, +64 more | 2011-10-14
CWE-264: IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.
nvd
CVE-2011-3246 | MEDIUM | CVSS 5.0 | v10.7.0, v10.7.1 | 2011-10-14
CWE-200: CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
nvd
CVE-2011-3437 | MEDIUM | CVSS 6.8 | v10.7.0, v10.7.1 | 2011-10-14
CWE-189: Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
nvd
CVE-2011-0224 | MEDIUM | CVSS 6.8 | ≤ 10.6.8, v10.0, +64 more | 2011-10-14
CWE-94: CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
nvd
CVE-2011-0260 | MEDIUM | CVSS 4.6 | v10.7.0, v10.7.1 | 2011-10-14
CWE-264: The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.
nvd
CVE-2011-0185 | MEDIUM | CVSS 4.4 | ≤ 10.7.1, v10.7.0, +9 more | 2011-10-14
CWE-134: Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
nvd
CVE-2011-3215 | LOW | CVSS 2.1 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
CWE-264: The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.
nvd
CVE-2011-3218 | LOW | CVSS 2.6 | ≤ 10.6.8, v10.0, +64 more | 2011-10-14
CWE-79: The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
nvd
CVE-2011-3212 | LOW | CVSS 2.1 | v10.7.0, v10.7.1 | 2011-10-14
CWE-310: CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.
nvd
CVE-2011-3216 | LOW | CVSS 2.1 | ≤ 10.7.1, v10.0, +66 more | 2011-10-14
CWE-264: The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
nvd
CVE-2011-3435 | LOW | CVSS 2.1 | v10.7.0, v10.7.1 | 2011-10-14
CWE-255: Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
nvd
CVE-2011-3224 | LOW | CVSS 2.6 | ≤ 10.6.8, v10.0, +64 more | 2011-10-14
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
nvd
CVE-2011-3422 | MEDIUM | CVSS 4.3 | ≤ 10.6.8, v10.6.0, +7 more | 2011-09-12
CWE-20: The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.
nvd
CVE-2011-0201 | HIGH | CVSS 7.5 | v10.6.0, v10.6.1, +6 more | 2011-06-24
CWE-189: Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.
nvd
CVE-2011-0196 | HIGH | CVSS 7.8 | v10.5.8 | 2011-06-24
CWE-399: AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.
nvd
CVE-2011-0206 | HIGH | CVSS 7.5 | v10.6.0, v10.6.1, +6 more | 2011-06-24
CWE-119: Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.
nvd
CVE-2011-0203 | MEDIUM | CVSS 5.0 | v10.6.0, v10.6.1, +6 more | 2011-06-24
CWE-22: Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.
nvd