Vulnerabilities > Apple > MAC OS X Server > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-05 | CVE-2013-0982 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | 1.7 |
| 2012-09-20 | CVE-2012-3718 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | 2.1 |
| 2012-05-11 | CVE-2012-0657 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. | 2.1 |
| 2011-10-14 | CVE-2011-3212 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. | 2.1 |
| 2011-10-14 | CVE-2011-3215 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. | 2.1 |
| 2011-10-14 | CVE-2011-3216 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. | 2.1 |
| 2011-10-14 | CVE-2011-3218 | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. | 2.6 |
| 2011-10-14 | CVE-2011-3224 | Multiple Security vulnerability in RETIRED: Apple Mac OS X Prior to 10.7.2 The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | 2.6 |
| 2011-10-14 | CVE-2011-3435 | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. | 2.1 |
| 2011-06-24 | CVE-2011-0197 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | 2.1 |