Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-14 | CVE-2011-3222 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server: Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 6.8 |
2011-10-14 | CVE-2011-3221 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server: QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | 6.8 |
2011-10-14 | CVE-2011-3220 | Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server: QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | 4.3 |
2011-10-14 | CVE-2011-3217 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server: MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. | 6.8 |
2011-10-14 | CVE-2011-3214 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server: IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. | 4.6 |
2011-10-14 | CVE-2011-0260 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server: The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window. | 4.6 |
2011-10-14 | CVE-2011-0231 | Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server: CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | 5.0 |
2011-10-14 | CVE-2011-0229 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server: Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. | 6.8 |
2011-10-14 | CVE-2011-0224 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server: CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | 6.8 |
2011-10-14 | CVE-2011-0185 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server: Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | 4.4 |