Mac Os X Server@10.5.8 Security Vulnerabilities and Issues — Mac Os X Server@10.5.8 CVE List

Lucene search

AppleMac Os X Server10.5.8

130 matches found

CVE•added 2012/05/11 3:49 a.m.•125 views

CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8CVSS8.5AI score0.01774EPSS

CVE•added 2009/04/17 12:30 a.m.•89 views

CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

7.5CVSS8.8AI score0.11816EPSS

CVE•added 2009/07/10 3:30 p.m.•88 views

CVE-2009-2422

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentica...

9.8CVSS9.4AI score0.00403EPSS

CVE•added 2009/09/14 4:30 p.m.•80 views

CVE-2009-2813

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote aut...

6CVSS7AI score0.00366EPSS

CVE•added 2009/11/10 7:30 p.m.•71 views

CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related ...

4.3CVSS6.8AI score0.01726EPSS

CVE•added 2010/06/17 4:30 p.m.•68 views

CVE-2010-1411

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a c...

6.8CVSS7.8AI score0.01116EPSS

CVE•added 2009/11/10 7:30 p.m.•65 views

CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legiti...

4.3CVSS5.6AI score0.01808EPSS

CVE•added 2010/03/30 6:30 p.m.•64 views

CVE-2010-0508

Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.

10CVSS8.6AI score0.00352EPSS

CVE•added 2010/06/17 4:30 p.m.•64 views

CVE-2010-0540

Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

6CVSS8.3AI score0.00401EPSS

CVE•added 2009/11/10 7:30 p.m.•63 views

CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

4.3CVSS5.9AI score0.0032EPSS

CVE•added 2010/03/25 9:0 p.m.•58 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.28439EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2803

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

6.8CVSS7.7AI score0.0089EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS

CVE•added 2010/11/15 11:0 p.m.•57 views

CVE-2010-1830

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.

5CVSS8.4AI score0.00307EPSS

CVE•added 2009/09/14 4:30 p.m.•56 views

CVE-2009-2809

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

6.8CVSS7.8AI score0.02414EPSS

CVE•added 2009/12/08 5:30 p.m.•56 views

CVE-2009-2843

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

5CVSS7.6AI score0.01018EPSS

CVE•added 2010/11/16 10:0 p.m.•56 views

CVE-2010-3785

Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.

6.8CVSS9.2AI score0.02245EPSS

CVE•added 2010/11/16 10:0 p.m.•56 views

CVE-2010-3797

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS6.6AI score0.00209EPSS

CVE•added 2011/06/24 8:55 p.m.•56 views

CVE-2011-0204

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.

6.8CVSS6.6AI score0.03719EPSS

CVE•added 2011/10/14 10:55 a.m.•56 views

CVE-2011-3220

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

4.3CVSS7.3AI score0.00735EPSS

CVE•added 2011/10/14 10:55 a.m.•56 views

CVE-2011-3222

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

6.8CVSS8.6AI score0.02208EPSS

CVE•added 2012/09/20 9:55 p.m.•56 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS

CVE•added 2010/03/30 5:30 p.m.•55 views

CVE-2010-0056

Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

6.8CVSS9.2AI score0.01449EPSS

CVE•added 2010/06/17 4:30 p.m.•55 views

CVE-2010-0541

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.

4.3CVSS6.2AI score0.01708EPSS

CVE•added 2010/03/30 6:30 p.m.•54 views

CVE-2010-0513

Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.

6.8CVSS9.3AI score0.01901EPSS

CVE•added 2010/11/15 11:0 p.m.•54 views

CVE-2010-1829

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.

6CVSS8.8AI score0.00732EPSS

CVE•added 2010/11/16 10:0 p.m.•54 views

CVE-2010-3784

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.

5CVSS8.3AI score0.00408EPSS

CVE•added 2010/11/16 10:0 p.m.•54 views

CVE-2010-3796

Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.

4.3CVSS8.1AI score0.00209EPSS

CVE•added 2010/11/16 11:18 p.m.•54 views

CVE-2010-4010

Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.

6.8CVSS8.9AI score0.01314EPSS

CVE•added 2010/03/30 6:30 p.m.•53 views

CVE-2010-0055

xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.

10CVSS8.4AI score0.00647EPSS

CVE•added 2009/09/14 4:30 p.m.•52 views

CVE-2009-2811

Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

6.8CVSS7.4AI score0.02518EPSS

CVE•added 2010/01/20 4:30 p.m.•52 views

CVE-2010-0037

Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.

9.3CVSS7.8AI score0.04726EPSS

CVE•added 2010/03/30 6:30 p.m.•52 views

CVE-2010-0063

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as ...

6.8CVSS8.9AI score0.00345EPSS

CVE•added 2010/06/17 4:30 p.m.•52 views

CVE-2010-0543

ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.

6.8CVSS7.8AI score0.02117EPSS

CVE•added 2010/11/15 11:0 p.m.•52 views

CVE-2010-1840

Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS9.4AI score0.0553EPSS

CVE•added 2011/10/14 10:55 a.m.•52 views

CVE-2011-3215

The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.

2.1CVSS7.8AI score0.00068EPSS

CVE•added 2011/10/14 10:55 a.m.•52 views

CVE-2011-3218

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported...

2.6CVSS7.2AI score0.00662EPSS

CVE•added 2013/06/05 2:39 p.m.•52 views

CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

9.3CVSS7.5AI score0.09856EPSS

CVE•added 2009/11/10 7:30 p.m.•51 views

CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

5.4CVSS7.1AI score0.00092EPSS

CVE•added 2010/11/15 11:0 p.m.•51 views

CVE-2010-1836

Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS9.3AI score0.01486EPSS

CVE•added 2011/06/24 8:55 p.m.•51 views

CVE-2011-0197

App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.

2.1CVSS4.7AI score0.00046EPSS

CVE•added 2009/11/10 7:30 p.m.•50 views

CVE-2009-2824

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.

6.8CVSS7.5AI score0.02571EPSS

CVE•added 2009/11/10 7:30 p.m.•50 views

CVE-2009-2831

Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."

5.8CVSS7.3AI score0.00353EPSS

CVE•added 2009/11/10 7:30 p.m.•50 views

CVE-2009-2832

Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."

5.1CVSS7.9AI score0.0184EPSS

CVE•added 2010/01/20 4:30 p.m.•50 views

CVE-2010-0036

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.

9.3CVSS7.8AI score0.01564EPSS

CVE•added 2010/03/30 6:30 p.m.•50 views

CVE-2010-0497

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

6.8CVSS9.1AI score0.01097EPSS

CVE•added 2010/11/15 11:0 p.m.•50 views

CVE-2010-1838

Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.

4.4CVSS8.7AI score0.00091EPSS

CVE•added 2010/11/16 10:0 p.m.•50 views

CVE-2010-3783

Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.

6.8CVSS8.1AI score0.00159EPSS

CVE•added 2011/10/14 10:55 a.m.•50 views

CVE-2011-0230

Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS8.7AI score0.01462EPSS

CVE•added 2009/09/11 6:30 p.m.•49 views

CVE-2009-2800

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

6.8CVSS7.5AI score0.00963EPSS

Total number of security vulnerabilities130