Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-23 | CVE-2011-0190 | Improper Input Validation vulnerability in Apple Installer, mac OS X and mac OS X Server Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. | 4.3 |
| 2011-03-23 | CVE-2011-0189 | Configuration vulnerability in Apple mac OS X, mac OS X Server and Terminal The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. | 5.0 |
| 2011-03-23 | CVE-2011-0188 | Numeric Errors vulnerability in Ruby-Lang Ruby The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." Per: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html 'This issue only affects 64-bit Ruby processes'. | 6.8 |
| 2011-03-23 | CVE-2011-0187 | Information Exposure vulnerability in Apple mac OS X, mac OS X Server and Quicktime The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. | 4.3 |
| 2011-03-23 | CVE-2011-0186 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. | 6.8 |
| 2011-03-23 | CVE-2011-0184 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes. | 6.8 |
| 2011-03-23 | CVE-2011-0183 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." | 5.0 |
| 2011-03-23 | CVE-2011-0181 | Numeric Errors vulnerability in Apple Imageio, mac OS X and mac OS X Server Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. | 6.8 |
| 2011-03-23 | CVE-2011-0179 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. | 6.8 |
| 2011-03-23 | CVE-2011-0177 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. | 6.8 |