VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2010-0062Mar 30, 2010
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an…

  • CVE-2010-0060Mar 30, 2010
    risk 0.00cvss epss 0.03

    CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.

  • CVE-2010-0055Mar 30, 2010
    risk 0.00cvss epss 0.02

    xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.

  • CVE-2010-0533Mar 30, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

  • CVE-2010-0059Mar 30, 2010
    risk 0.00cvss epss 0.05

    CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields,…

  • CVE-2010-0058Mar 30, 2010
    risk 0.00cvss epss 0.02

    freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.

  • CVE-2010-0057Mar 30, 2010
    risk 0.00cvss epss 0.01

    AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

  • CVE-2010-0056Mar 30, 2010
    risk 0.00cvss epss 0.03

    Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

  • CVE-2009-2801Mar 30, 2010
    risk 0.00cvss epss 0.02

    The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."

  • CVE-2009-2843Dec 8, 2009
    risk 0.00cvss epss 0.02

    Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

  • CVE-2009-2840Nov 10, 2009
    risk 0.00cvss epss 0.00

    Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

  • CVE-2009-2839Nov 10, 2009
    risk 0.00cvss epss 0.02

    Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2009-2836Nov 10, 2009
    risk 0.00cvss epss 0.00

    Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

  • CVE-2009-2835Nov 10, 2009
    risk 0.00cvss epss 0.00

    The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

  • CVE-2009-2834Nov 10, 2009
    risk 0.00cvss epss 0.00

    IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

  • CVE-2009-2833Nov 10, 2009
    risk 0.00cvss epss 0.03

    Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2009-2832Nov 10, 2009
    risk 0.00cvss epss 0.03

    Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."

  • CVE-2009-2831Nov 10, 2009
    risk 0.00cvss epss 0.01

    Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."

  • CVE-2009-2830Nov 10, 2009
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might…

  • CVE-2009-2829Nov 10, 2009
    risk 0.00cvss epss 0.02

    Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"…

Page 17 of 34