CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2004-0165 +Priv 2004-03-15 2017-10-10
5.0
None Remote Low Not required Partial None None
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
602 CVE-2004-0112 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
603 CVE-2004-0090 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
604 CVE-2004-0081 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
605 CVE-2004-0079 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
606 CVE-2003-1010 +Priv 2004-03-29 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors.
607 CVE-2003-1009 +Priv 2004-03-29 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
608 CVE-2003-1008 Bypass 2004-03-29 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
609 CVE-2003-1007 2004-03-29 2017-07-11
5.0
None Remote Low Not required None None Partial
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
610 CVE-2003-1006 Exec Code Overflow 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
611 CVE-2003-1005 DoS 2003-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
612 CVE-2003-0975 2003-12-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
613 CVE-2003-0913 2003-12-01 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
614 CVE-2003-0876 2003-11-03 2017-07-11
2.1
None Local Low Not required None Partial None
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
615 CVE-2003-0871 2003-11-03 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
616 CVE-2003-0804 DoS 2003-11-17 2008-09-10
5.0
None Remote Low Not required None None Partial
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
617 CVE-2003-0694 Exec Code Overflow 2003-10-06 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
618 CVE-2003-0681 Overflow 2003-10-06 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
619 CVE-2003-0601 2004-03-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
620 CVE-2003-0518 Overflow 2003-08-18 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
621 CVE-2003-0466 Exec Code Overflow 2003-08-27 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
622 CVE-2003-0420 +Info 2003-06-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
623 CVE-2003-0198 2003-05-05 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
624 CVE-2003-0171 Exec Code 2003-05-05 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
625 CVE-2003-0049 2003-03-03 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
626 CVE-2002-1265 DoS 2002-11-12 2017-10-10
5.0
None Remote Low Not required None None Partial
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
627 CVE-2002-0666 DoS 2002-11-04 2008-09-10
5.0
None Remote Low Not required None None Partial
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Total number of vulnerabilities : 627   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.