Mac Os X Server Security Vulnerabilities and Issues — Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

19 matches found

CVE•added 2007/11/15 1:46 a.m.•55 views

CVE-2007-4690

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

9CVSS7.2AI score0.02227EPSS

CVE•added 2007/11/15 1:46 a.m.•54 views

CVE-2007-4693

The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."

7.2CVSS7.6AI score0.00079EPSS

CVE•added 2007/11/07 11:46 p.m.•52 views

CVE-2007-1661

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?...

6.4CVSS9.2AI score0.02716EPSS

CVE•added 2007/11/15 1:46 a.m.•48 views

CVE-2007-4688

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

5CVSS6.8AI score0.0045EPSS

CVE•added 2007/11/15 1:46 a.m.•48 views

CVE-2007-4689

Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

10CVSS7.6AI score0.06346EPSS

CVE•added 2007/11/15 1:46 a.m.•48 views

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.

10CVSS6.9AI score0.00524EPSS

CVE•added 2007/11/15 1:46 a.m.•47 views

CVE-2007-4678

AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

7.1CVSS6.7AI score0.00519EPSS

CVE•added 2007/11/15 2:46 a.m.•47 views

CVE-2007-4700

Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

7.5CVSS7AI score0.00647EPSS

CVE•added 2007/11/15 1:46 a.m.•46 views

CVE-2007-4696

Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

4.3CVSS6.7AI score0.00269EPSS

CVE•added 2007/11/15 1:46 a.m.•45 views

CVE-2007-4687

The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.

9.3CVSS7AI score0.00386EPSS

CVE•added 2007/11/15 1:46 a.m.•44 views

CVE-2007-4269

Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

7.2CVSS7.5AI score0.00114EPSS

CVE•added 2007/11/15 1:46 a.m.•44 views

CVE-2007-4686

Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.

7.2CVSS6.8AI score0.00089EPSS

CVE•added 2007/11/15 1:46 a.m.•44 views

CVE-2007-4694

Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

4.3CVSS6.8AI score0.0045EPSS

CVE•added 2007/11/15 1:46 a.m.•44 views

CVE-2007-4695

Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

4.3CVSS6.8AI score0.0045EPSS

CVE•added 2007/11/15 1:46 a.m.•42 views

CVE-2007-4685

The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

7.2CVSS7.1AI score0.00054EPSS

CVE•added 2007/11/15 8:46 p.m.•41 views

CVE-2007-4703

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.

10CVSS6.1AI score0.00664EPSS

CVE•added 2007/11/15 2:46 a.m.•40 views

CVE-2007-4701

WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

2.1CVSS6.7AI score0.00073EPSS

CVE•added 2007/11/15 8:46 p.m.•40 views

CVE-2007-4702

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

9.3CVSS6.1AI score0.00665EPSS

CVE•added 2007/11/15 1:46 a.m.•39 views

CVE-2007-4697

Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

6.8CVSS7.5AI score0.02383EPSS