Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-14 | CVE-2011-3230 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
2011-10-14 | CVE-2011-3229 | Path Traversal vulnerability in Apple Safari Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | 6.8 |
2011-10-14 | CVE-2011-3228 | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 6.8 |
2011-10-14 | CVE-2011-3227 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. | 6.8 |
2011-10-14 | CVE-2011-3226 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | 6.8 |
2011-10-14 | CVE-2011-3225 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | 5.0 |
2011-10-14 | CVE-2011-3224 | Multiple Security vulnerability in RETIRED: Apple Mac OS X Prior to 10.7.2 The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | 2.6 |
2011-10-14 | CVE-2011-3223 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. | 6.8 |
2011-10-14 | CVE-2011-3222 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 6.8 |
2011-10-14 | CVE-2011-3221 | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | 6.8 |