VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2008-3622Sep 16, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

  • CVE-2008-3621Sep 16, 2008
    risk 0.00cvss epss 0.06

    VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

  • CVE-2008-3619Sep 16, 2008
    risk 0.00cvss epss 0.00

    Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

  • CVE-2008-3617Sep 16, 2008
    risk 0.00cvss epss 0.01

    Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed…

  • CVE-2008-3616Sep 16, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API…

  • CVE-2008-3611Sep 16, 2008
    risk 0.00cvss epss 0.00

    Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering…

  • CVE-2008-3610Sep 16, 2008
    risk 0.00cvss epss 0.02

    Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an…

  • CVE-2008-3609Sep 16, 2008
    risk 0.00cvss epss 0.00

    The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

  • CVE-2008-3608Sep 16, 2008
    risk 0.00cvss epss 0.03

    ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

  • CVE-2008-2332Sep 16, 2008
    risk 0.00cvss epss 0.03

    ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

  • CVE-2008-2331Sep 16, 2008
    risk 0.00cvss epss 0.01

    Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an…

  • CVE-2008-2330Sep 16, 2008
    risk 0.00cvss epss 0.00

    slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

  • CVE-2008-2329Sep 16, 2008
    risk 0.00cvss epss 0.00

    Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

  • CVE-2008-2312Sep 16, 2008
    risk 0.00cvss epss 0.00

    Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

  • CVE-2008-2305Sep 16, 2008
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

  • CVE-2008-2324Aug 4, 2008
    risk 0.00cvss epss 0.00

    The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

  • CVE-2008-2309Jul 1, 2008
    risk 0.00cvss epss 0.03

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature…

  • CVE-2008-2313Jul 1, 2008
    risk 0.00cvss epss 0.00

    Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.

  • CVE-2008-2311Jul 1, 2008
    risk 0.00cvss epss 0.03

    Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

  • CVE-2008-2310Jul 1, 2008
    risk 0.00cvss epss 0.03

    Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.

Page 22 of 34