Mac Os X Server Security Vulnerabilities and Issues — Mac Os X Server CVE List

Lucene search

AppleMac Os X Server

17 matches found

CVE•added 2008/09/16 11:0 p.m.•47 views

CVE-2008-3608

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

9.3CVSS7AI score0.0543EPSS

CVE•added 2008/09/16 11:0 p.m.•46 views

CVE-2008-2332

9.3CVSS7AI score0.0543EPSS

CVE•added 2008/09/16 11:0 p.m.•45 views

CVE-2008-3619

Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

2.1CVSS5.8AI score0.00051EPSS

CVE•added 2008/09/16 11:0 p.m.•44 views

CVE-2008-2312

Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

4.9CVSS5.7AI score0.00073EPSS

CVE•added 2008/09/16 11:0 p.m.•44 views

CVE-2008-2329

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

1.9CVSS6AI score0.00086EPSS

CVE•added 2008/09/16 11:0 p.m.•43 views

CVE-2008-3609

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

7.2CVSS6AI score0.00058EPSS

CVE•added 2008/09/16 11:0 p.m.•43 views

CVE-2008-3621

VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

9.3CVSS7.1AI score0.03673EPSS

CVE•added 2008/09/26 4:21 p.m.•43 views

CVE-2008-3638

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

9.3CVSS8.6AI score0.01864EPSS

CVE•added 2008/09/16 11:0 p.m.•40 views

CVE-2008-2305

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

9.3CVSS6.9AI score0.0871EPSS

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-2330

slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

4.9CVSS6.1AI score0.00073EPSS

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

5CVSS6AI score0.00208EPSS

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-3617

Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

5CVSS6.3AI score0.0032EPSS

CVE•added 2008/09/16 11:0 p.m.•39 views

CVE-2008-3622

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

4.3CVSS5.8AI score0.00453EPSS

CVE•added 2008/09/16 11:0 p.m.•37 views

CVE-2008-3611

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new pa...

6.3CVSS6.4AI score0.00055EPSS

CVE•added 2008/09/26 4:21 p.m.•37 views

CVE-2008-3637

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

9.3CVSS8.6AI score0.12476EPSS

CVE•added 2008/09/16 11:0 p.m.•36 views

CVE-2008-3616

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

10CVSS6.9AI score0.01065EPSS

CVE•added 2008/09/16 11:0 p.m.•35 views

CVE-2008-3610

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account fro...

7.6CVSS6.5AI score0.00261EPSS