Mac Os X Server Security Vulnerabilities - CVSS Score 5 - 6
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness error...
6.7AI Score
0.033EPSS
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
6.2AI Score
0.042EPSS
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
6.6AI Score
0.012EPSS
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
6.1AI Score
0.005EPSS
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
6.7AI Score
0.01EPSS
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
6.2AI Score
0.004EPSS
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
7.2AI Score
0.003EPSS
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-b...
7.2AI Score
0.002EPSS
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
7.2AI Score
0.035EPSS
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
6.5AI Score
0.003EPSS
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
7.3AI Score
0.004EPSS
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than ...
8.1AI Score
0.106EPSS
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
6.2AI Score
0.003EPSS
The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
6.1AI Score
0.014EPSS
QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.
6.6AI Score
0.042EPSS
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
9.1AI Score
0.114EPSS
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
6.3AI Score
0.002EPSS
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
6.7AI Score
0.001EPSS
Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
6.7AI Score
0.001EPSS
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
6.7AI Score
0.003EPSS
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8AI Score
0.002EPSS
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
9.2AI Score
0.003EPSS
Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660.
7.2AI Score
0.013EPSS
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.
6.4AI Score
0.013EPSS
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
6.3AI Score
0.01EPSS
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such...
6.8AI Score
0.011EPSS
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
7AI Score
0.007EPSS
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
9.6AI Score
0.004EPSS
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
9.1AI Score
0.003EPSS
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
8.5AI Score
0.011EPSS
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
7.5AI Score
0.055EPSS
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
8.5AI Score
0.007EPSS
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
6.2AI Score
0.003EPSS
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
6.5AI Score
0.011EPSS
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
6.7AI Score
0.03EPSS
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
6.6AI Score
0.087EPSS
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
7.4AI Score
0.006EPSS
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
7.5AI Score
0.034EPSS
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an att...
7.4AI Score
0.45EPSS
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the...
6.9AI Score
0.975EPSS
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
6.1AI Score
0.084EPSS
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
6AI Score
0.009EPSS
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
7.7AI Score
0.061EPSS
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
6.4AI Score
0.058EPSS
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.
6.6AI Score
0.1EPSS
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
7.8AI Score
0.021EPSS
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
6.2AI Score
0.068EPSS
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
7.3AI Score
0.019EPSS
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
7.6AI Score
0.012EPSS
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
7.2AI Score
0.015EPSS