Apple Mac Os X Server vulnerabilities

CVE-2011-0172 [MEDIUM] CVE-2011-0172: AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (d AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.

CVE-2011-0190 [MEDIUM] CWE-20 CVE-2011-0190: Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.

CVE-2011-0184 [MEDIUM] CWE-119 CVE-2011-0184: QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.

CVE-2011-0175 [MEDIUM] CWE-119 CVE-2011-0175: Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.

CVE-2011-0183 [MEDIUM] CWE-189 CVE-2011-0183: Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."

CVE-2011-0193 [MEDIUM] CWE-119 CVE-2011-0193: Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to exe Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

CVE-2011-0179 [MEDIUM] CWE-119 CVE-2011-0179: CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.

CVE-2011-0180 [LOW] CWE-189 CVE-2011-0180: Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

CVE-2011-0178 [LOW] CWE-200 CVE-2011-0178: The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directo The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

CVE-2011-1417 [MEDIUM] CWE-189 CVE-2011-1417: Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, rela

CVE-2010-4013 [MEDIUM] CWE-134 CVE-2010-4013: Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-m Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.

CVE-2010-4011 [MEDIUM] CWE-200 CVE-2010-4011: Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."

CVE-2010-1844 [HIGH] CWE-20 CVE-2010-1844: Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote atta Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.

CVE-2010-1843 [HIGH] CWE-20 CVE-2010-1843: Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of serv Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.

CVE-2010-3788 [MEDIUM] CWE-20 CVE-2010-3788: QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during proc QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

CVE-2010-3786 [MEDIUM] CWE-119 CVE-2010-3786: QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code o QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.

CVE-2010-1846 [MEDIUM] CWE-119 CVE-2010-1846: Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows rem Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.

CVE-2010-3793 [MEDIUM] CWE-119 CVE-2010-3793: QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code o QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.

CVE-2010-3792 [MEDIUM] CWE-189 CVE-2010-3792: Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

CVE-2010-3796 [MEDIUM] CWE-200 CVE-2010-3796: Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS f Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.