VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2009-2828Nov 10, 2009
    risk 0.00cvss epss 0.03

    The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2009-2827Nov 10, 2009
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.

  • CVE-2009-2826Nov 10, 2009
    risk 0.00cvss epss 0.03

    Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.

  • CVE-2009-2825Nov 10, 2009
    risk 0.00cvss epss 0.01

    Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted…

  • CVE-2009-2824Nov 10, 2009
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.

  • CVE-2009-2823Nov 10, 2009
    risk 0.00cvss epss 0.02

    The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

  • CVE-2009-2819Nov 10, 2009
    risk 0.00cvss epss 0.02

    AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.

  • CVE-2009-2818Nov 10, 2009
    risk 0.00cvss epss 0.02

    Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).

  • CVE-2009-2810Nov 10, 2009
    risk 0.00cvss epss 0.03

    Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"…

  • CVE-2009-2808Nov 10, 2009
    risk 0.00cvss epss 0.01

    Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

  • CVE-2009-2814Sep 14, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.

  • CVE-2009-2813Sep 14, 2009
    risk 0.00cvss epss 0.03

    Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,…

  • CVE-2009-2812Sep 14, 2009
    risk 0.00cvss epss 0.02

    Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a…

  • CVE-2009-2811Sep 14, 2009
    risk 0.00cvss epss 0.03

    Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

  • CVE-2009-2809Sep 14, 2009
    risk 0.00cvss epss 0.03

    ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

  • CVE-2009-2807Sep 14, 2009
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

  • CVE-2009-2805Sep 14, 2009
    risk 0.00cvss epss 0.03

    Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

  • CVE-2009-2804Sep 14, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a…

  • CVE-2009-2803Sep 14, 2009
    risk 0.00cvss epss 0.02

    CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

  • CVE-2009-2800Sep 11, 2009
    risk 0.00cvss epss 0.03

    Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

Page 18 of 34