Vulnerabilities > Apple > MAC OS X Server > 10.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-05 | CVE-2013-0990 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | 4.9 |
| 2013-06-05 | CVE-2013-0982 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | 1.7 |
| 2013-06-05 | CVE-2013-0975 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 6.8 |
| 2013-03-15 | CVE-2013-0973 | Remote Code Execution vulnerability in Apple Mac OS X Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. network apple | 6.8 |
| 2013-03-15 | CVE-2013-0971 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | 6.8 |
| 2013-03-15 | CVE-2013-0967 | Security Bypass vulnerability in Apple Mac OS X CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. network apple | 4.3 |
| 2013-03-15 | CVE-2013-0966 | Authentication Bypass vulnerability in Apple Mac OS X The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | 6.4 |
| 2012-10-03 | CVE-2012-3489 | XXE vulnerability in multiple products The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. | 6.5 |
| 2012-09-20 | CVE-2012-3723 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. | 4.6 |
| 2012-09-20 | CVE-2012-3722 | Resource Management Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 6.8 |