VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2010-1834Nov 15, 2010
    risk 0.00cvss epss 0.01

    CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.

  • CVE-2010-1833Nov 15, 2010
    risk 0.00cvss epss 0.03

    Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.

  • CVE-2010-1832Nov 15, 2010
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.

  • CVE-2010-1831Nov 15, 2010
    risk 0.00cvss epss 0.03

    Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.

  • CVE-2010-1830Nov 15, 2010
    risk 0.00cvss epss 0.01

    AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.

  • CVE-2010-1829Nov 15, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.

  • CVE-2010-1828Nov 15, 2010
    risk 0.00cvss epss 0.02

    AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

  • CVE-2010-1803Nov 15, 2010
    risk 0.00cvss epss 0.02

    Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.

  • CVE-2010-1820Sep 21, 2010
    risk 0.00cvss epss 0.02

    Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

  • CVE-2010-1808Aug 25, 2010
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

  • CVE-2010-1802Aug 25, 2010
    risk 0.00cvss epss 0.01

    libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a…

  • CVE-2010-1801Aug 25, 2010
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.

  • CVE-2010-1800Aug 25, 2010
    risk 0.00cvss epss 0.01

    CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.

  • CVE-2010-1382Jun 17, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.

  • CVE-2010-1381Jun 17, 2010
    risk 0.00cvss epss 0.01

    The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

  • CVE-2010-1380Jun 17, 2010
    risk 0.00cvss epss 0.04

    Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.

  • CVE-2010-1379Jun 17, 2010
    risk 0.00cvss epss 0.02

    Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.

  • CVE-2010-1377Jun 17, 2010
    risk 0.00cvss epss 0.03

    Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.

  • CVE-2010-1376Jun 17, 2010
    risk 0.00cvss epss 0.03

    Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.

  • CVE-2010-1375Jun 17, 2010
    risk 0.00cvss epss 0.00

    NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.

Page 14 of 34