Mac Os X Server@10.5 Security Vulnerabilities and Issues — Page 3 of Mac Os X Server@10.5 CVE List

Lucene search

AppleMac Os X Server10.5

118 matches found

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

5CVSS6AI score0.00208EPSS

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-3617

Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

5CVSS6.3AI score0.0032EPSS

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-3622

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

4.3CVSS5.8AI score0.00453EPSS

CVE•added 2009/04/02 5:30 p.m.•39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9CVSS6.2AI score0.00237EPSS

CVE•added 2008/06/02 9:30 p.m.•38 views

CVE-2008-1579

Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

5CVSS5.4AI score0.00531EPSS

CVE•added 2008/07/01 6:41 p.m.•38 views

CVE-2008-2311

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

7.6CVSS7.3AI score0.02888EPSS

CVE•added 2008/12/17 1:30 a.m.•38 views

CVE-2008-4220

Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by Securit...

10CVSS7.6AI score0.0089EPSS

CVE•added 2010/03/30 6:30 p.m.•38 views

CVE-2010-0502

iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type.

4.3CVSS8.6AI score0.00229EPSS

CVE•added 2010/03/30 6:30 p.m.•38 views

CVE-2010-0503

Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

6.5CVSS8.8AI score0.01244EPSS

CVE•added 2012/09/20 9:55 p.m.•38 views

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

2.1CVSS5.8AI score0.00061EPSS

CVE•added 2008/06/02 9:30 p.m.•37 views

CVE-2008-1031

CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

9.3CVSS7.4AI score0.03194EPSS

CVE•added 2008/12/17 1:30 a.m.•37 views

CVE-2008-4223

Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.

10CVSS6.5AI score0.00996EPSS

CVE•added 2008/07/01 6:41 p.m.•36 views

CVE-2008-2313

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.

4.6CVSS6AI score0.00052EPSS

CVE•added 2008/09/16 11:0 p.m.•36 views

CVE-2008-3616

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

10CVSS6.9AI score0.01065EPSS

CVE•added 2011/10/14 10:55 a.m.•36 views

CVE-2011-3216

The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.

2.1CVSS7.5AI score0.00058EPSS

CVE•added 2008/06/02 9:30 p.m.•35 views

CVE-2008-1027

Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

4.3CVSS6.2AI score0.00524EPSS

CVE•added 2008/09/16 11:0 p.m.•35 views

CVE-2008-3610

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account fro...

7.6CVSS6.5AI score0.00261EPSS

CVE•added 2008/06/02 9:30 p.m.•34 views

CVE-2008-1030

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.

10CVSS7.7AI score0.01929EPSS

Total number of security vulnerabilities118