Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0062 | 0.00 | — | 0.04 | Mar 30, 2010 | Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an… | |||
| CVE-2010-0060 | 0.00 | — | 0.03 | Mar 30, 2010 | CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. | |||
| CVE-2010-0055 | 0.00 | — | 0.02 | Mar 30, 2010 | xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package. | |||
| CVE-2010-0533 | 0.00 | — | 0.02 | Mar 30, 2010 | Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. | |||
| CVE-2010-0059 | 0.00 | — | 0.05 | Mar 30, 2010 | CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields,… | |||
| CVE-2010-0058 | 0.00 | — | 0.02 | Mar 30, 2010 | freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. | |||
| CVE-2010-0057 | 0.00 | — | 0.01 | Mar 30, 2010 | AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. | |||
| CVE-2010-0056 | 0.00 | — | 0.03 | Mar 30, 2010 | Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | |||
| CVE-2009-2801 | 0.00 | — | 0.02 | Mar 30, 2010 | The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." | |||
| CVE-2009-2843 | 0.00 | — | 0.02 | Dec 8, 2009 | Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | |||
| CVE-2009-2840 | 0.00 | — | 0.00 | Nov 10, 2009 | Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||
| CVE-2009-2839 | 0.00 | — | 0.02 | Nov 10, 2009 | Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2009-2836 | 0.00 | — | 0.00 | Nov 10, 2009 | Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | |||
| CVE-2009-2835 | 0.00 | — | 0.00 | Nov 10, 2009 | The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. | |||
| CVE-2009-2834 | 0.00 | — | 0.00 | Nov 10, 2009 | IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||
| CVE-2009-2833 | 0.00 | — | 0.03 | Nov 10, 2009 | Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2009-2832 | 0.00 | — | 0.03 | Nov 10, 2009 | Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." | |||
| CVE-2009-2831 | 0.00 | — | 0.01 | Nov 10, 2009 | Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | |||
| CVE-2009-2830 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might… | |||
| CVE-2009-2829 | 0.00 | — | 0.02 | Nov 10, 2009 | Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"… |
- CVE-2010-0062Mar 30, 2010risk 0.00cvss —epss 0.04
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an…
- CVE-2010-0060Mar 30, 2010risk 0.00cvss —epss 0.03
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
- CVE-2010-0055Mar 30, 2010risk 0.00cvss —epss 0.02
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
- CVE-2010-0533Mar 30, 2010risk 0.00cvss —epss 0.02
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
- CVE-2010-0059Mar 30, 2010risk 0.00cvss —epss 0.05
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields,…
- CVE-2010-0058Mar 30, 2010risk 0.00cvss —epss 0.02
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.
- CVE-2010-0057Mar 30, 2010risk 0.00cvss —epss 0.01
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
- CVE-2010-0056Mar 30, 2010risk 0.00cvss —epss 0.03
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
- CVE-2009-2801Mar 30, 2010risk 0.00cvss —epss 0.02
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
- CVE-2009-2843Dec 8, 2009risk 0.00cvss —epss 0.02
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
- CVE-2009-2840Nov 10, 2009risk 0.00cvss —epss 0.00
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
- CVE-2009-2839Nov 10, 2009risk 0.00cvss —epss 0.02
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
- CVE-2009-2836Nov 10, 2009risk 0.00cvss —epss 0.00
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
- CVE-2009-2835Nov 10, 2009risk 0.00cvss —epss 0.00
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
- CVE-2009-2834Nov 10, 2009risk 0.00cvss —epss 0.00
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
- CVE-2009-2833Nov 10, 2009risk 0.00cvss —epss 0.03
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2009-2832Nov 10, 2009risk 0.00cvss —epss 0.03
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
- CVE-2009-2831Nov 10, 2009risk 0.00cvss —epss 0.01
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
- CVE-2009-2830Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might…
- CVE-2009-2829Nov 10, 2009risk 0.00cvss —epss 0.02
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"…
Page 17 of 34