Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2828 | 0.00 | — | 0.03 | Nov 10, 2009 | The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2009-2827 | 0.00 | — | 0.03 | Nov 10, 2009 | Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | |||
| CVE-2009-2826 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||
| CVE-2009-2825 | 0.00 | — | 0.01 | Nov 10, 2009 | Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted… | |||
| CVE-2009-2824 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||
| CVE-2009-2823 | 0.00 | — | 0.02 | Nov 10, 2009 | The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | |||
| CVE-2009-2819 | 0.00 | — | 0.02 | Nov 10, 2009 | AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||
| CVE-2009-2818 | 0.00 | — | 0.02 | Nov 10, 2009 | Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | |||
| CVE-2009-2810 | 0.00 | — | 0.03 | Nov 10, 2009 | Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"… | |||
| CVE-2009-2808 | 0.00 | — | 0.01 | Nov 10, 2009 | Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. | |||
| CVE-2009-2814 | 0.00 | — | 0.02 | Sep 14, 2009 | Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. | |||
| CVE-2009-2813 | 0.00 | — | 0.03 | Sep 14, 2009 | Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,… | |||
| CVE-2009-2812 | 0.00 | — | 0.02 | Sep 14, 2009 | Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a… | |||
| CVE-2009-2811 | 0.00 | — | 0.03 | Sep 14, 2009 | Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. | |||
| CVE-2009-2809 | 0.00 | — | 0.03 | Sep 14, 2009 | ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues." | |||
| CVE-2009-2807 | 0.00 | — | 0.00 | Sep 14, 2009 | Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2009-2805 | 0.00 | — | 0.03 | Sep 14, 2009 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. | |||
| CVE-2009-2804 | 0.00 | — | 0.04 | Sep 14, 2009 | Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a… | |||
| CVE-2009-2803 | 0.00 | — | 0.02 | Sep 14, 2009 | CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. | |||
| CVE-2009-2800 | 0.00 | — | 0.03 | Sep 11, 2009 | Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. |
- CVE-2009-2828Nov 10, 2009risk 0.00cvss —epss 0.03
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
- CVE-2009-2827Nov 10, 2009risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
- CVE-2009-2826Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
- CVE-2009-2825Nov 10, 2009risk 0.00cvss —epss 0.01
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted…
- CVE-2009-2824Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
- CVE-2009-2823Nov 10, 2009risk 0.00cvss —epss 0.02
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
- CVE-2009-2819Nov 10, 2009risk 0.00cvss —epss 0.02
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
- CVE-2009-2818Nov 10, 2009risk 0.00cvss —epss 0.02
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
- CVE-2009-2810Nov 10, 2009risk 0.00cvss —epss 0.03
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"…
- CVE-2009-2808Nov 10, 2009risk 0.00cvss —epss 0.01
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
- CVE-2009-2814Sep 14, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
- CVE-2009-2813Sep 14, 2009risk 0.00cvss —epss 0.03
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,…
- CVE-2009-2812Sep 14, 2009risk 0.00cvss —epss 0.02
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a…
- CVE-2009-2811Sep 14, 2009risk 0.00cvss —epss 0.03
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
- CVE-2009-2809Sep 14, 2009risk 0.00cvss —epss 0.03
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
- CVE-2009-2807Sep 14, 2009risk 0.00cvss —epss 0.00
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
- CVE-2009-2805Sep 14, 2009risk 0.00cvss —epss 0.03
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
- CVE-2009-2804Sep 14, 2009risk 0.00cvss —epss 0.04
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a…
- CVE-2009-2803Sep 14, 2009risk 0.00cvss —epss 0.02
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
- CVE-2009-2800Sep 11, 2009risk 0.00cvss —epss 0.03
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
Page 18 of 34