Mac Os X Server Security Vulnerabilities and Issues — Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

17 matches found

CVE•added 2009/05/13 3:30 p.m.•54 views

CVE-2009-0152

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

7.5CVSS6.5AI score0.00628EPSS

CVE•added 2009/05/13 3:30 p.m.•49 views

CVE-2009-0156

Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.

4.3CVSS6.8AI score0.01009EPSS

CVE•added 2009/05/13 3:30 p.m.•48 views

CVE-2009-0944

The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruptio...

6.8CVSS7.7AI score0.01551EPSS

CVE•added 2009/05/13 3:30 p.m.•47 views

CVE-2009-0153

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences ...

4.3CVSS6.6AI score0.06394EPSS

CVE•added 2009/05/13 3:30 p.m.•47 views

CVE-2009-0155

Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based bu...

6.8CVSS7.8AI score0.04225EPSS

CVE•added 2009/05/13 3:30 p.m.•47 views

CVE-2009-0158

Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.

6.8CVSS7.9AI score0.01908EPSS

CVE•added 2009/05/13 3:30 p.m.•46 views

CVE-2009-0144

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.

4.3CVSS6.5AI score0.00284EPSS

CVE•added 2009/05/13 3:30 p.m.•44 views

CVE-2009-0150

Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.

4.4CVSS7.3AI score0.00164EPSS

CVE•added 2009/05/13 3:30 p.m.•43 views

CVE-2009-0154

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.

6.8CVSS7.6AI score0.16284EPSS

CVE•added 2009/05/13 3:30 p.m.•43 views

CVE-2009-0157

Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.

6.8CVSS7.9AI score0.01234EPSS

CVE•added 2009/05/13 3:30 p.m.•43 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.5AI score0.02306EPSS

CVE•added 2009/05/13 3:30 p.m.•42 views

CVE-2009-0943

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.4AI score0.02306EPSS

CVE•added 2009/05/13 3:30 p.m.•41 views

CVE-2009-0149

Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.

4.4CVSS7.1AI score0.00117EPSS

CVE•added 2009/05/13 3:30 p.m.•39 views

CVE-2008-1517

Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.

7.2CVSS6.9AI score0.00064EPSS

CVE•added 2009/05/13 3:30 p.m.•38 views

CVE-2009-0160

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

6.8CVSS7.7AI score0.01375EPSS

CVE•added 2009/05/13 3:30 p.m.•37 views

CVE-2009-0145

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

6.8CVSS7.7AI score0.053EPSS

CVE•added 2009/05/13 3:30 p.m.•35 views

CVE-2009-0161

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

6.4CVSS6.8AI score0.00181EPSS