Lucene search

K
AppleMac Os X Server10.5.8

130 matches found

CVE
CVE
added 2010/03/30 6:30 p.m.49 views

CVE-2010-0509

SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.

7.2CVSS8AI score0.00039EPSS
CVE
CVE
added 2010/03/30 5:30 p.m.48 views

CVE-2010-0057

AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

7.5CVSS8.4AI score0.00225EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.48 views

CVE-2010-0505

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.

6.8CVSS9.3AI score0.02436EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.48 views

CVE-2012-0650

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS8AI score0.01399EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.48 views

CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

2.1CVSS7.7AI score0.00075EPSS
CVE
CVE
added 2009/08/12 7:30 p.m.47 views

CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

5CVSS6.3AI score0.16946EPSS
CVE
CVE
added 2010/03/30 5:30 p.m.47 views

CVE-2009-2801

The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."

6.4CVSS8.4AI score0.00198EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.47 views

CVE-2009-2812

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

6.8CVSS7.3AI score0.01744EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.47 views

CVE-2009-2833

Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS7.8AI score0.0067EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.47 views

CVE-2009-2839

Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

6.8CVSS7.9AI score0.00747EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.47 views

CVE-2010-1381

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

3.5CVSS6.6AI score0.38234EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.47 views

CVE-2010-1828

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

5CVSS8.5AI score0.00975EPSS
CVE
CVE
added 2011/06/24 8:55 p.m.47 views

CVE-2011-0196

AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.

7.8CVSS5.1AI score0.00428EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.47 views

CVE-2011-3223

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.

6.8CVSS8.6AI score0.02356EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.47 views

CVE-2011-3224

The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

2.6CVSS8.3AI score0.00534EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.47 views

CVE-2012-0654

libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

6.8CVSS8.5AI score0.00562EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0498

Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.

7.2CVSS8AI score0.00042EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0504

Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS9.3AI score0.01241EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0506

Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.

6.8CVSS9.1AI score0.01241EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.

5CVSS8.3AI score0.00267EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0522

Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.

9CVSS7.9AI score0.00421EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.46 views

CVE-2010-0523

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.

5CVSS8.7AI score0.00209EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.46 views

CVE-2010-0546

Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.

3.3CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.46 views

CVE-2010-1382

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.

3.5CVSS5.9AI score0.00324EPSS
CVE
CVE
added 2010/11/16 10:0 p.m.46 views

CVE-2010-1846

Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.

6.8CVSS9.3AI score0.01392EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.46 views

CVE-2011-3221

QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.

6.8CVSS8.5AI score0.01774EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.46 views

CVE-2012-0655

libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that...

6.4CVSS7.8AI score0.00227EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.46 views

CVE-2012-0658

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

6.8CVSS8.7AI score0.01482EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.46 views

CVE-2012-0660

Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8CVSS8.4AI score0.01774EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.45 views

CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.02424EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.45 views

CVE-2009-2828

The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

7.5CVSS7.9AI score0.02313EPSS
CVE
CVE
added 2010/03/30 5:30 p.m.45 views

CVE-2010-0058

freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.

6.4CVSS8.6AI score0.00904EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.45 views

CVE-2010-0507

Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.

6.8CVSS9.3AI score0.01241EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.45 views

CVE-2010-0545

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.

4.4CVSS6.7AI score0.00069EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.45 views

CVE-2010-1374

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.

4.3CVSS7AI score0.008EPSS
CVE
CVE
added 2011/03/23 2:0 a.m.45 views

CVE-2011-0183

Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."

5CVSS4.8AI score0.00699EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.45 views

CVE-2011-3217

MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.

6.8CVSS8.7AI score0.01387EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.45 views

CVE-2012-0675

Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

4.3CVSS7.7AI score0.00314EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.45 views

CVE-2012-3719

Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.

6.8CVSS7.3AI score0.00447EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.44 views

CVE-2009-2834

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

4.9CVSS6.7AI score0.00061EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.44 views

CVE-2009-2835

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

4.6CVSS6.9AI score0.00059EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.44 views

CVE-2010-0510

Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.

9CVSS8.2AI score0.00421EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.44 views

CVE-2010-0525

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly e...

5CVSS8.1AI score0.00127EPSS
CVE
CVE
added 2010/08/25 8:0 p.m.44 views

CVE-2010-1801

Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.

6.8CVSS9.1AI score0.01486EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.44 views

CVE-2010-1831

Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.

6.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.44 views

CVE-2010-1832

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.

6.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2010/11/15 11:0 p.m.44 views

CVE-2010-1837

CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.

6.8CVSS9.2AI score0.01927EPSS
CVE
CVE
added 2011/03/23 2:0 a.m.44 views

CVE-2011-0181

Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.

6.8CVSS6.2AI score0.12356EPSS
CVE
CVE
added 2011/06/24 8:55 p.m.44 views

CVE-2011-0202

Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.

6.8CVSS6.5AI score0.0148EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.44 views

CVE-2011-3213

The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for ...

7.6CVSS7.7AI score0.00216EPSS
Total number of security vulnerabilities130