Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2011-06-24 CVE-2011-0209 Numeric Errors vulnerability in Apple Mac OS X, Mac OS X Server and QuickTime
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.
network
apple CWE-189
6.8
2011-06-24 CVE-2011-0208 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
network
apple CWE-119
6.8
2011-06-24 CVE-2011-0207 Cryptographic Issues vulnerability in Apple Mac OS X and Mac OS X Server
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.
network
low complexity
apple CWE-310
5.0
2011-06-24 CVE-2011-0205 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple ImageIO, Mac OS X and Mac OS X Server
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.
network
apple CWE-119
6.8
2011-06-24 CVE-2011-0204 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple ImageIO, Mac OS X and Mac OS X Server
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.
network
apple CWE-119
6.8
2011-06-24 CVE-2011-0203 Path Traversal vulnerability in Apple Mac OS X Server
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.
network
low complexity
apple CWE-22
5.0
2011-06-24 CVE-2011-0202 Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.
network
apple CWE-189
6.8
2011-06-24 CVE-2011-0200 Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.
network
apple CWE-189
6.8
2011-06-24 CVE-2011-0199 Improper Certificate Validation vulnerability in Apple Mac OS X and Mac OS X Server
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
network
high complexity
apple CWE-295
5.9
2011-06-24 CVE-2011-0198 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
network
apple CWE-119
6.8