Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2012-02-02 CVE-2011-3457 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
network
low complexity
apple CWE-119
7.5
2012-02-02 CVE-2011-3453 Numeric Errors vulnerability in Apple mac OS X and mac OS X Server
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
network
low complexity
apple CWE-189
7.5
2012-02-02 CVE-2011-3452 Information Exposure vulnerability in Apple mac OS X and mac OS X Server
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
network
apple CWE-200
4.3
2012-02-02 CVE-2011-3449 Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
network
apple CWE-399
6.8
2012-02-02 CVE-2011-3448 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
network
apple CWE-119
6.8
2012-02-02 CVE-2011-3446 Unspecified vulnerability in Apple mac OS X and mac OS X Server
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
network
low complexity
apple
7.5
2012-02-02 CVE-2011-3444 Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
network
apple CWE-310
4.3
2011-10-14 CVE-2011-3228 Code Injection vulnerability in Apple mac OS X and mac OS X Server
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
network
apple CWE-94
6.8
2011-10-14 CVE-2011-3227 Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
network
apple CWE-20
6.8
2011-10-14 CVE-2011-3224 Multiple Security vulnerability in RETIRED: Apple Mac OS X Prior to 10.7.2
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
network
high complexity
apple
2.6