Mac Os X Server@10.4.10 Security Vulnerabilities and Issues — Page 2 of Mac Os X Server@10.4.10 CVE List

Lucene search

AppleMac Os X Server10.4.10

68 matches found

CVE•added 2011/10/14 10:55 a.m.•43 views

CVE-2011-0224

CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.

6.8CVSS8.5AI score0.01405EPSS

CVE•added 2007/11/15 1:46 a.m.•42 views

CVE-2007-4685

The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

7.2CVSS7.1AI score0.00054EPSS

CVE•added 2009/04/02 5:30 p.m.•42 views

CVE-2009-1236

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

10CVSS6.9AI score0.05379EPSS

CVE•added 2011/10/14 10:55 a.m.•42 views

CVE-2011-3228

QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

6.8CVSS8.7AI score0.01383EPSS

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3723

Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.

4.6CVSS7.7AI score0.00075EPSS

CVE•added 2007/08/03 10:17 a.m.•41 views

CVE-2007-2404

CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS...

5CVSS5.7AI score0.00516EPSS

CVE•added 2009/11/10 7:30 p.m.•41 views

CVE-2009-2818

Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).

5CVSS6.8AI score0.00421EPSS

CVE•added 2011/10/14 10:55 a.m.•41 views

CVE-2011-0231

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

5CVSS7.8AI score0.00291EPSS

CVE•added 2012/05/11 3:49 a.m.•41 views

CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

7.5CVSS8.9AI score0.01739EPSS

CVE•added 2007/11/15 2:46 a.m.•40 views

CVE-2007-4701

WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

2.1CVSS6.7AI score0.00073EPSS

CVE•added 2011/10/14 10:55 a.m.•40 views

CVE-2011-0229

Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.

6.8CVSS8.3AI score0.01825EPSS

CVE•added 2011/10/14 10:55 a.m.•40 views

CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-m...

6.8CVSS8.5AI score0.0063EPSS

CVE•added 2007/11/15 1:46 a.m.•39 views

CVE-2007-4697

Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

6.8CVSS7.5AI score0.02383EPSS

CVE•added 2009/04/02 5:30 p.m.•39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9CVSS6.2AI score0.00237EPSS

CVE•added 2008/07/01 6:41 p.m.•38 views

CVE-2008-2311

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

7.6CVSS7.3AI score0.02888EPSS

CVE•added 2012/09/20 9:55 p.m.•38 views

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

2.1CVSS5.8AI score0.00061EPSS

CVE•added 2008/07/01 6:41 p.m.•36 views

CVE-2008-2313

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.

4.6CVSS6AI score0.00052EPSS

CVE•added 2011/10/14 10:55 a.m.•36 views

CVE-2011-3216

The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.

2.1CVSS7.5AI score0.00058EPSS

Total number of security vulnerabilities68