Mac Os X Server Security Vulnerabilities and Issues — Page 2 of Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

87 matches found

CVE•added 2009/02/13 12:30 a.m.•45 views

CVE-2009-0140

Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.

9.3CVSS6.7AI score0.00427EPSS

CVE•added 2009/09/14 4:30 p.m.•45 views

CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.02424EPSS

CVE•added 2009/11/10 7:30 p.m.•45 views

CVE-2009-2828

The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

7.5CVSS7.9AI score0.02313EPSS

CVE•added 2009/02/13 12:30 a.m.•44 views

CVE-2009-0009

Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.

6.8CVSS7.5AI score0.02605EPSS

CVE•added 2009/02/13 12:30 a.m.•44 views

CVE-2009-0020

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

7.8CVSS7.4AI score0.02239EPSS

CVE•added 2009/02/13 12:30 a.m.•44 views

CVE-2009-0141

XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

5.5CVSS5.4AI score0.00047EPSS

CVE•added 2009/05/13 3:30 p.m.•44 views

CVE-2009-0150

Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.

4.4CVSS7.3AI score0.00164EPSS

CVE•added 2009/08/06 4:30 p.m.•44 views

CVE-2009-2191

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

7.5CVSS7.5AI score0.00846EPSS

CVE•added 2009/08/06 4:30 p.m.•44 views

CVE-2009-2192

MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

7.5CVSS6AI score0.00347EPSS

CVE•added 2009/11/10 7:30 p.m.•44 views

CVE-2009-2834

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

4.9CVSS6.7AI score0.00061EPSS

CVE•added 2009/11/10 7:30 p.m.•44 views

CVE-2009-2835

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

4.6CVSS6.9AI score0.00059EPSS

CVE•added 2009/11/10 7:30 p.m.•44 views

CVE-2009-2836

Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

6.2CVSS7.1AI score0.0004EPSS

CVE•added 2009/02/13 12:30 a.m.•43 views

CVE-2009-0013

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

2.1CVSS7AI score0.0007EPSS

CVE•added 2009/05/13 3:30 p.m.•43 views

CVE-2009-0154

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.

6.8CVSS7.6AI score0.16284EPSS

CVE•added 2009/05/13 3:30 p.m.•43 views

CVE-2009-0157

Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.

6.8CVSS7.9AI score0.01234EPSS

CVE•added 2009/05/13 3:30 p.m.•43 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.5AI score0.02306EPSS

CVE•added 2009/05/13 3:30 p.m.•42 views

CVE-2009-0943

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.4AI score0.02306EPSS

CVE•added 2009/04/02 5:30 p.m.•42 views

CVE-2009-1236

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

10CVSS6.9AI score0.05379EPSS

CVE•added 2009/08/06 4:30 p.m.•42 views

CVE-2009-2188

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

9.3CVSS7.9AI score0.18341EPSS

CVE•added 2009/11/10 7:30 p.m.•42 views

CVE-2009-2826

Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.

6.8CVSS7.7AI score0.01892EPSS

CVE•added 2009/02/13 12:30 a.m.•41 views

CVE-2009-0139

Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.

9.3CVSS7.6AI score0.0079EPSS

CVE•added 2009/05/13 3:30 p.m.•41 views

CVE-2009-0149

Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.

4.4CVSS7.1AI score0.00117EPSS

CVE•added 2009/09/14 4:30 p.m.•41 views

CVE-2009-2807

Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

7.2CVSS7AI score0.00069EPSS

CVE•added 2009/11/10 7:30 p.m.•41 views

CVE-2009-2818

Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).

5CVSS6.8AI score0.00421EPSS

CVE•added 2009/11/10 7:30 p.m.•41 views

CVE-2009-2829

Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.

5CVSS7AI score0.00747EPSS

CVE•added 2009/08/06 3:30 p.m.•40 views

CVE-2009-0151

The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

7.2CVSS6AI score0.00055EPSS

CVE•added 2009/06/05 4:0 p.m.•40 views

CVE-2009-1717

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

6.8CVSS8AI score0.02622EPSS

CVE•added 2009/11/10 7:30 p.m.•40 views

CVE-2009-2819

AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.

9.3CVSS7.9AI score0.00729EPSS

CVE•added 2009/05/13 3:30 p.m.•39 views

CVE-2008-1517

Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.

7.2CVSS6.9AI score0.00064EPSS

CVE•added 2009/02/13 12:30 a.m.•39 views

CVE-2009-0015

Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."

4.9CVSS6.2AI score0.0007EPSS

CVE•added 2009/04/02 5:30 p.m.•39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9CVSS6.2AI score0.00237EPSS

CVE•added 2009/09/14 4:30 p.m.•39 views

CVE-2009-2814

Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.

4.3CVSS6.3AI score0.00499EPSS

CVE•added 2009/11/10 7:30 p.m.•39 views

CVE-2009-2827

Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.

6.8CVSS7.8AI score0.01901EPSS

CVE•added 2009/11/10 7:30 p.m.•39 views

CVE-2009-2840

Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

4.9CVSS6.7AI score0.00057EPSS

CVE•added 2009/05/13 3:30 p.m.•38 views

CVE-2009-0160

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

6.8CVSS7.7AI score0.01375EPSS

CVE•added 2009/05/13 3:30 p.m.•37 views

CVE-2009-0145

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

6.8CVSS7.7AI score0.053EPSS

CVE•added 2009/05/13 3:30 p.m.•35 views

CVE-2009-0161

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

6.4CVSS6.8AI score0.00181EPSS

Total number of security vulnerabilities87