CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2006-3509 DoS Exec Code Overflow 2006-09-21 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
452 CVE-2006-3508 DoS Exec Code Overflow +Priv 2006-09-21 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
453 CVE-2006-3507 Exec Code Overflow 2006-09-21 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
454 CVE-2006-3506 Exec Code Overflow 2006-08-21 2011-03-08
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name."
455 CVE-2006-3505 DoS Exec Code 2006-08-03 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
456 CVE-2006-3504 Exec Code 2006-08-03 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
457 CVE-2006-3503 DoS Exec Code Overflow 2006-08-03 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
458 CVE-2006-3502 DoS Exec Code 2006-08-03 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
459 CVE-2006-3501 DoS Exec Code Overflow 2006-08-03 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
460 CVE-2006-3500 Exec Code 2006-08-03 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
461 CVE-2006-3499 +Info 2006-08-03 2017-07-20
2.1
None Local Low Not required Partial None None
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.
462 CVE-2006-3498 Exec Code Overflow 2006-08-02 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
463 CVE-2006-3497 DoS Exec Code 2006-08-02 2011-04-07
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
464 CVE-2006-3496 DoS 2006-08-02 2017-07-20
5.0
None Remote Low Not required None None Partial
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
465 CVE-2006-3495 2006-08-02 2017-07-20
2.1
None Local Low Not required Partial None None
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
466 CVE-2006-3356 DoS 2006-07-06 2017-07-20
2.6
None Remote High Not required None None Partial
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
467 CVE-2006-1985 119 Exec Code Overflow 2006-04-21 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
468 CVE-2006-1984 DoS 2006-04-21 2017-07-20
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.
469 CVE-2006-1983 119 DoS Exec Code Overflow 2006-04-21 2017-07-20
6.4
None Remote Low Not required None Partial Partial
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
470 CVE-2006-1982 119 Exec Code Overflow 2006-04-21 2011-03-07
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
471 CVE-2006-1981 2006-04-21 2017-07-20
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen.
472 CVE-2006-1552 189 DoS Overflow 2006-03-31 2017-07-20
5.0
None Remote Low Not required None None Partial
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
473 CVE-2006-1473 DoS Exec Code Overflow 2006-08-02 2017-07-20
5.0
None Remote Low Not required None None Partial
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
474 CVE-2006-1472 2006-08-02 2017-07-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
475 CVE-2006-1471 134 Exec Code 2006-06-27 2018-10-18
4.6
None Local Low Not required Partial Partial Partial
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.
476 CVE-2006-1470 399 DoS 2006-06-27 2017-07-20
5.0
None Remote Low Not required None None Partial
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
477 CVE-2006-1469 119 DoS Exec Code Overflow 2006-06-27 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.
478 CVE-2006-1457 2006-05-12 2017-07-20
2.6
None Remote High Not required None Partial None
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.
479 CVE-2006-1456 Exec Code Overflow 2006-05-12 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging.
480 CVE-2006-1455 DoS 2006-05-12 2017-07-20
7.8
None Remote Low Not required None None Complete
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.
481 CVE-2006-1220 Exec Code Overflow 2006-03-14 2013-09-06
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
482 CVE-2006-0848 16 Exec Code 2006-02-22 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
483 CVE-2006-0401 Bypass 2006-04-05 2017-07-20
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
484 CVE-2006-0400 Bypass 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
485 CVE-2006-0399 94 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
486 CVE-2006-0398 94 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
487 CVE-2006-0397 94 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
488 CVE-2006-0396 Exec Code Overflow 2006-03-14 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
489 CVE-2006-0395 Exec Code 2006-08-05 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
490 CVE-2006-0393 DoS 2006-08-03 2017-07-20
4.0
None Remote High Not required Partial None Partial
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
491 CVE-2006-0392 DoS Exec Code Overflow 2006-08-03 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
492 CVE-2006-0389 XSS 2006-03-03 2017-07-20
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
493 CVE-2006-0388 94 2006-03-03 2017-07-20
2.6
None Local High Not required None Partial Partial
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
494 CVE-2006-0387 Exec Code Overflow 2006-03-06 2017-07-20
6.4
None Remote Low Not required None Partial Partial
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
495 CVE-2006-0386 2006-03-03 2017-07-20
1.7
None Local Low ??? Partial None None
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
496 CVE-2006-0384 DoS Exec Code 2006-03-02 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".
497 CVE-2006-0383 DoS 2006-03-02 2017-07-20
5.0
None Remote Low Not required None None Partial
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
498 CVE-2005-4504 DoS 2005-12-22 2017-07-20
7.8
None Remote Low Not required None None Complete
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
499 CVE-2005-4217 264 +Priv 2005-12-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
500 CVE-2005-3782 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
Total number of vulnerabilities : 627   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.