VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2008-2309Jul 1, 2008
    risk 0.00cvss epss 0.03

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature…

  • CVE-2008-2308Jul 1, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount…

  • CVE-2008-1028Jun 2, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.

  • CVE-2008-1036Jun 2, 2008
    risk 0.00cvss epss 0.03

    The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct…

  • CVE-2008-1031Jun 2, 2008
    risk 0.00cvss epss 0.06

    CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

  • CVE-2008-1573Jun 2, 2008
    risk 0.00cvss epss 0.02

    The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

  • CVE-2008-1027Jun 2, 2008
    risk 0.00cvss epss 0.02

    Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

  • CVE-2008-1572Jun 2, 2008
    risk 0.00cvss epss 0.00

    Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.

  • CVE-2008-1032Jun 2, 2008
    risk 0.00cvss epss 0.04

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a…

  • CVE-2008-1577Jun 2, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."

  • CVE-2008-1579Jun 2, 2008
    risk 0.00cvss epss 0.03

    Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

  • CVE-2008-1575Jun 2, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

  • CVE-2008-1578Jun 2, 2008
    risk 0.00cvss epss 0.00

    The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2008-1571Jun 2, 2008
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

  • CVE-2008-1030Jun 2, 2008
    risk 0.00cvss epss 0.05

    Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based…

  • CVE-2008-0056Mar 18, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.

  • CVE-2008-0999Mar 18, 2008
    risk 0.00cvss epss 0.03

    Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

  • CVE-2008-0052Mar 18, 2008
    risk 0.00cvss epss 0.02

    CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

  • CVE-2008-0992Mar 18, 2008
    risk 0.00cvss epss 0.03

    Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

  • CVE-2008-0996Mar 18, 2008
    risk 0.00cvss epss 0.00

    The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

Page 23 of 34