CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2005-0975 DoS 2005-05-02 2017-07-11
2.1
None Local Low Not required None None Partial
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
552 CVE-2005-0972 Exec Code Overflow 2005-05-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
553 CVE-2005-0716 Exec Code Overflow 2005-03-21 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
554 CVE-2005-0715 2005-03-21 2008-09-05
2.1
None Local Low Not required Partial None None
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.
555 CVE-2005-0713 +Priv Bypass 2005-03-21 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
556 CVE-2005-0594 Exec Code Overflow 2005-05-04 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.
557 CVE-2005-0373 Exec Code Overflow 2004-10-07 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
558 CVE-2005-0342 +Priv 2005-05-02 2017-07-11
2.1
None Local Low Not required None Partial None
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
559 CVE-2005-0127 2005-05-02 2017-07-11
5.0
None Remote Low Not required Partial None None
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.
560 CVE-2005-0126 Exec Code 2005-05-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.
561 CVE-2005-0125 Exec Code 2005-05-02 2018-08-13
7.2
None Local Low Not required Complete Complete Complete
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
562 CVE-2004-1832 DoS Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660.
563 CVE-2004-1307 Exec Code Overflow 2004-12-21 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
564 CVE-2004-1123 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
565 CVE-2004-1089 2004-12-02 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
566 CVE-2004-1088 2004-12-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
567 CVE-2004-1087 2004-12-02 2017-07-11
2.1
None Local Low Not required None Partial None
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
568 CVE-2004-1086 Exec Code Overflow 2004-12-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
569 CVE-2004-1085 2004-12-02 2017-07-11
2.1
None Local Low Not required None None Partial
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
570 CVE-2004-1084 Bypass 2004-12-02 2017-07-11
5.0
None Remote Low Not required Partial None None
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
571 CVE-2004-1083 2004-12-03 2017-07-11
5.0
None Remote Low Not required Partial None None
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
572 CVE-2004-1081 2004-12-02 2017-07-11
2.1
None Local Low Not required Partial None None
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
573 CVE-2004-0927 2005-01-27 2008-09-05
5.0
None Remote Low Not required Partial None None
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
574 CVE-2004-0926 Exec Code Overflow 2005-01-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
575 CVE-2004-0925 2005-01-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
576 CVE-2004-0924 2005-01-27 2008-09-05
5.0
None Remote Low Not required None Partial None
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
577 CVE-2004-0923 +Info 2005-01-27 2017-10-11
2.1
None Local Low Not required Partial None None
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
578 CVE-2004-0922 2005-01-27 2008-09-05
5.0
None Remote Low Not required Partial None None
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
579 CVE-2004-0921 2005-01-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
580 CVE-2004-0886 DoS Overflow Mem. Corr. 2005-01-27 2017-10-11
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
581 CVE-2004-0825 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.
582 CVE-2004-0823 2004-09-07 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
583 CVE-2004-0822 Exec Code Overflow 2004-09-07 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
584 CVE-2004-0821 +Priv 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
585 CVE-2004-0803 Exec Code Overflow 2004-12-23 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
586 CVE-2004-0744 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
587 CVE-2004-0743 +Info 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
588 CVE-2004-0539 Exec Code 2004-08-06 2017-10-12
10.0
None Remote Low Not required Complete Complete Complete
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
589 CVE-2004-0538 Exec Code 2004-08-06 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
590 CVE-2004-0518 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.
591 CVE-2004-0517 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
592 CVE-2004-0516 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
593 CVE-2004-0515 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
594 CVE-2004-0514 2004-08-18 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
595 CVE-2004-0486 Exec Code Dir. Trav. 2004-07-07 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
596 CVE-2004-0430 Exec Code Overflow 2004-07-07 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
597 CVE-2004-0428 2004-05-03 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
598 CVE-2004-0168 2004-03-15 2018-09-26
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
599 CVE-2004-0167 2004-03-15 2018-09-26
7.5
None Remote Low Not required Partial Partial Partial
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
600 CVE-2004-0166 2004-03-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
Total number of vulnerabilities : 627   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.