CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2005-3712 119 Exec Code Overflow 2005-12-31 2017-07-11
6.5
None Remote Low ??? Partial Partial Partial
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
502 CVE-2005-3706 Exec Code Overflow 2005-12-31 2017-07-11
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
503 CVE-2005-3705 Exec Code Overflow 2005-12-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
504 CVE-2005-3704 2005-12-01 2017-07-11
5.0
None Remote Low Not required None Partial None
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
505 CVE-2005-3702 2005-12-01 2011-03-08
5.0
None Remote Low Not required None Partial None
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
506 CVE-2005-3701 +Priv 2005-12-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
507 CVE-2005-3700 Exec Code 2005-12-01 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
508 CVE-2005-2757 Exec Code Overflow 2005-12-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
509 CVE-2005-2752 200 +Info 2005-11-01 2011-03-08
2.1
None Local Low Not required Partial None None
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
510 CVE-2005-2751 2005-11-01 2017-07-11
2.1
None Local Low Not required Partial None None
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
511 CVE-2005-2750 2005-11-01 2017-07-11
2.1
None Local Low Not required None Partial None
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
512 CVE-2005-2749 2005-11-01 2017-07-11
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
513 CVE-2005-2748 2005-10-25 2008-09-05
2.1
None Local Low Not required None Partial None
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
514 CVE-2005-2747 Exec Code Overflow 2005-10-25 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
515 CVE-2005-2746 2005-10-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
516 CVE-2005-2745 +Info 2005-10-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
517 CVE-2005-2744 Exec Code Overflow 2005-10-25 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
518 CVE-2005-2743 Exec Code 2005-10-26 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
519 CVE-2005-2742 Bypass 2005-10-26 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.
520 CVE-2005-2741 264 +Priv 2005-10-26 2016-05-09
7.2
None Local Low Not required Complete Complete Complete
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
521 CVE-2005-2739 2005-11-01 2017-07-11
2.1
None Local Low Not required Partial None None
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
522 CVE-2005-2714 59 2005-12-31 2018-10-19
6.8
None Local Low ??? Complete Complete Complete
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
523 CVE-2005-2713 2005-12-31 2018-10-19
6.8
None Local Low ??? Complete Complete Complete
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
524 CVE-2005-2524 Bypass 2005-10-26 2008-09-05
5.0
None Remote Low Not required None Partial None
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
525 CVE-2005-2511 2005-08-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
526 CVE-2005-2510 2005-08-19 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.
527 CVE-2005-2509 2005-08-19 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
528 CVE-2005-2508 2005-08-19 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.
529 CVE-2005-2507 Exec Code Overflow 2005-08-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
530 CVE-2005-2506 DoS 2005-08-19 2008-09-05
5.0
None Remote Low Not required None None Partial
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
531 CVE-2005-2504 2005-08-19 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
532 CVE-2005-2503 2005-08-19 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
533 CVE-2005-2502 Exec Code Overflow 2005-08-19 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
534 CVE-2005-2501 Exec Code Overflow 2005-08-19 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
535 CVE-2005-1727 2005-06-08 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
536 CVE-2005-1725 2005-06-08 2016-10-18
2.1
None Local Low Not required None Partial None
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
537 CVE-2005-1724 Bypass 2005-06-08 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions.
538 CVE-2005-1723 Bypass 2005-06-08 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.
539 CVE-2005-1722 2005-06-16 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.
540 CVE-2005-1474 2005-06-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.
541 CVE-2005-1430 2005-05-03 2008-09-10
3.6
None Local Low Not required Partial Partial None
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
542 CVE-2005-1343 Exec Code Overflow 2005-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.
543 CVE-2005-1341 Exec Code 2005-05-04 2011-03-08
5.1
None Remote High Not required Partial Partial Partial
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
544 CVE-2005-1339 2005-05-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.
545 CVE-2005-1337 2005-05-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI.
546 CVE-2005-1335 +Priv 2005-05-04 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."
547 CVE-2005-1332 2005-05-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.
548 CVE-2005-1331 2005-05-04 2011-03-08
5.1
None Remote High Not required Partial Partial Partial
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
549 CVE-2005-1330 20 DoS 2005-05-04 2008-09-05
4.9
None Local Low Not required None None Complete
AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.
550 CVE-2005-1043 DoS 2005-04-14 2018-10-30
5.0
None Remote Low Not required None None Partial
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
Total number of vulnerabilities : 627   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.