CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2008-2305 119 Exec Code Overflow 2008-09-16 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
352 CVE-2008-1579 200 +Info 2008-06-02 2017-08-08
5.0
None Remote Low Not required Partial None None
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
353 CVE-2008-1578 200 +Info 2008-06-02 2017-08-08
2.1
None Local Low Not required Partial None None
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
354 CVE-2008-1577 DoS Exec Code Mem. Corr. 2008-06-02 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
355 CVE-2008-1575 399 Exec Code Mem. Corr. 2008-06-02 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
356 CVE-2008-1574 119 DoS Exec Code Overflow 2008-06-02 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
357 CVE-2008-1573 119 Overflow +Info 2008-06-02 2017-08-08
7.1
None Remote Medium Not required Complete None None
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
358 CVE-2008-1572 264 2008-06-02 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
359 CVE-2008-1571 22 Dir. Trav. 2008-06-02 2017-08-08
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
360 CVE-2008-1517 20 DoS +Priv 2009-05-13 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
361 CVE-2008-1036 79 XSS 2008-06-02 2017-09-29
4.3
None Remote Medium Not required None Partial None
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
362 CVE-2008-1032 Exec Code 2008-06-02 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
363 CVE-2008-1031 119 DoS Exec Code Overflow 2008-06-02 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
364 CVE-2008-1030 20 DoS Exec Code Overflow 2008-06-02 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
365 CVE-2008-1028 20 DoS Exec Code 2008-06-02 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
366 CVE-2008-1027 264 2008-06-02 2017-08-08
4.3
None Remote Medium Not required Partial None None
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
367 CVE-2008-1000 22 Dir. Trav. 2008-03-18 2018-10-15
8.5
None Remote Medium ??? Complete Complete Complete
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
368 CVE-2008-0999 20 DoS 2008-03-18 2017-08-08
7.1
None Remote Medium Not required None None Complete
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
369 CVE-2008-0998 264 Exec Code Bypass 2008-03-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
370 CVE-2008-0997 119 DoS Exec Code Overflow 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
371 CVE-2008-0996 255 2008-03-18 2017-08-08
1.7
None Local Low ??? Partial None None
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
372 CVE-2008-0995 200 +Info 2008-03-18 2017-08-08
2.6
None Remote High Not required Partial None None
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
373 CVE-2008-0994 200 +Info 2008-03-18 2017-08-08
2.6
None Remote High Not required Partial None None
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
374 CVE-2008-0992 119 Exec Code Overflow 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
375 CVE-2008-0990 200 DoS +Info 2008-03-18 2017-08-08
4.4
None Local Medium Not required Partial Partial Partial
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
376 CVE-2008-0989 134 Exec Code 2008-03-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
377 CVE-2008-0988 189 DoS 2008-03-18 2011-03-08
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
378 CVE-2008-0060 94 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
379 CVE-2008-0059 362 Exec Code 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
380 CVE-2008-0058 362 Exec Code 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
381 CVE-2008-0057 189 Exec Code Overflow 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.
382 CVE-2008-0056 119 Exec Code Overflow 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
383 CVE-2008-0055 362 DoS +Priv 2008-03-18 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
384 CVE-2008-0054 20 Exec Code 2008-03-18 2017-08-08
6.4
None Remote Low Not required None Partial Partial
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
385 CVE-2008-0052 200 +Info 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
386 CVE-2008-0051 189 Exec Code Overflow 2008-03-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
387 CVE-2008-0050 200 +Info 2008-03-18 2017-08-08
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
388 CVE-2008-0049 264 Exec Code 2008-03-18 2017-08-08
1.9
None Local Medium Not required None Partial None
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
389 CVE-2008-0048 119 Exec Code Overflow 2008-03-18 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.
390 CVE-2008-0046 264 Bypass 2008-03-18 2017-08-08
5.0
None Remote Low Not required Partial None None
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.
391 CVE-2008-0045 264 Bypass 2008-03-18 2017-08-08
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
392 CVE-2008-0044 119 DoS Exec Code Overflow 2008-03-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.
393 CVE-2007-6276 189 DoS 2007-12-07 2017-09-29
7.8
None Remote Low Not required None None Complete
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
394 CVE-2007-5863 310 Exec Code 2007-12-19 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
395 CVE-2007-5860 Exec Code 2007-12-19 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
396 CVE-2007-4703 Bypass 2007-11-15 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
397 CVE-2007-4702 Bypass 2007-11-15 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
398 CVE-2007-4701 264 2007-11-15 2017-07-29
2.1
None Local Low Not required Partial None None
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
399 CVE-2007-4700 264 2007-11-15 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
400 CVE-2007-4697 DoS Exec Code Mem. Corr. 2007-11-15 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
Total number of vulnerabilities : 627   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.