Vulnerabilities > Apple > MAC OS X Server > 10.6.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-14 | CVE-2011-3217 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. | 6.8 |
| 2011-10-14 | CVE-2011-3216 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. | 2.1 |
| 2011-10-14 | CVE-2011-3215 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. | 2.1 |
| 2011-10-14 | CVE-2011-3214 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. | 4.6 |
| 2011-10-14 | CVE-2011-3213 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. | 7.6 |
| 2011-10-14 | CVE-2011-0231 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | 5.0 |
| 2011-10-14 | CVE-2011-0230 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 7.5 |
| 2011-10-14 | CVE-2011-0229 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. | 6.8 |
| 2011-10-14 | CVE-2011-0224 | Code Injection vulnerability in Apple mac OS X and mac OS X Server CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | 6.8 |
| 2011-10-14 | CVE-2011-0185 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | 4.4 |