CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2009-2809 94 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
252 CVE-2009-2808 310 Exec Code 2009-11-10 2009-11-17
5.4
None Local Network Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
253 CVE-2009-2807 119 Overflow +Priv 2009-09-14 2017-08-17
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
254 CVE-2009-2805 189 DoS Exec Code Overflow 2009-09-14 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
255 CVE-2009-2804 189 DoS Exec Code Overflow 2009-09-14 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
256 CVE-2009-2803 399 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
257 CVE-2009-2801 264 Bypass 2010-03-30 2010-03-31
6.4
None Remote Low Not required None Partial Partial
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
258 CVE-2009-2800 119 DoS Exec Code Overflow 2009-09-11 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
259 CVE-2009-2205 119 DoS Exec Code Overflow 2009-09-09 2009-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
260 CVE-2009-2194 DoS 2009-08-06 2017-08-17
4.9
None Local Low Not required None None Complete
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
261 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
262 CVE-2009-2192 255 2009-08-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
263 CVE-2009-2191 134 DoS Exec Code 2009-08-06 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
264 CVE-2009-2190 399 DoS 2009-08-06 2017-08-17
7.8
None Remote Low Not required None None Complete
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
265 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
266 CVE-2009-1728 119 DoS Exec Code Overflow 2009-08-06 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
267 CVE-2009-1727 2009-08-06 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
268 CVE-2009-1726 119 DoS Exec Code Overflow 2009-08-06 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
269 CVE-2009-1723 2009-08-06 2017-08-17
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
270 CVE-2009-1717 189 DoS Exec Code Overflow Mem. Corr. 2009-06-05 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
271 CVE-2009-1238 362 DoS Mem. Corr. 2009-04-02 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
272 CVE-2009-1237 399 DoS 2009-04-02 2017-09-29
4.9
None Local Low Not required None None Complete
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
273 CVE-2009-1236 119 DoS Overflow 2009-04-02 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
274 CVE-2009-1235 264 +Priv 2009-04-02 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
275 CVE-2009-0946 190 Exec Code Overflow 2009-04-17 2021-04-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
276 CVE-2009-0944 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
277 CVE-2009-0943 20 Exec Code 2009-05-13 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
278 CVE-2009-0942 20 Exec Code 2009-05-13 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
279 CVE-2009-0161 20 2009-05-13 2017-08-08
6.4
None Remote Low Not required None Partial Partial
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.
280 CVE-2009-0160 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
281 CVE-2009-0158 119 DoS Exec Code Overflow 2009-05-13 2016-08-23
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
282 CVE-2009-0157 119 DoS Exec Code Overflow 2009-05-13 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
283 CVE-2009-0156 20 DoS 2009-05-13 2017-08-08
4.3
None Remote Medium Not required None None Partial
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.
284 CVE-2009-0155 189 DoS Exec Code Overflow 2009-05-13 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
285 CVE-2009-0154 119 Exec Code Overflow 2009-05-13 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
286 CVE-2009-0153 79 XSS 2009-05-13 2017-09-29
4.3
None Remote Medium Not required None Partial None
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
287 CVE-2009-0152 16 +Info 2009-05-13 2017-08-08
5.0
None Remote Low Not required Partial None None
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
288 CVE-2009-0151 Bypass 2009-08-06 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
289 CVE-2009-0150 119 DoS Overflow +Priv 2009-05-13 2017-08-08
4.4
None Local Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
290 CVE-2009-0149 94 DoS +Priv Mem. Corr. 2009-05-13 2017-08-08
4.4
None Local Medium Not required Partial Partial Partial
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
291 CVE-2009-0145 94 DoS Exec Code Mem. Corr. 2009-05-13 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
292 CVE-2009-0144 16 +Info 2009-05-13 2017-08-08
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.
293 CVE-2009-0142 362 DoS 2009-02-12 2011-03-08
1.9
None Local Medium Not required None None Partial
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
294 CVE-2009-0141 264 2009-02-13 2017-08-08
2.1
None Local Low Not required None Partial None
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.
295 CVE-2009-0140 399 DoS 2009-02-13 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.
296 CVE-2009-0139 189 DoS Exec Code Overflow 2009-02-13 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
297 CVE-2009-0138 287 2009-02-13 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
298 CVE-2009-0020 399 DoS Exec Code Mem. Corr. 2009-02-13 2011-03-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.
299 CVE-2009-0019 119 DoS Overflow +Info 2009-02-13 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.
300 CVE-2009-0018 119 Overflow 2009-02-13 2011-03-08
7.8
None Remote Low Not required Complete None None
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.
Total number of vulnerabilities : 627   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.