Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5860 | | | 0.00 | — | 0.00 | | Dec 19, 2007 | Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." |
| CVE-2007-4702 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. |
| CVE-2007-4703 | | | 0.00 | — | 0.03 | | Nov 15, 2007 | The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended… |
| CVE-2007-4700 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. |
| CVE-2007-4701 | | | 0.00 | — | 0.00 | | Nov 15, 2007 | WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. |
| CVE-2007-4695 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. |
| CVE-2007-4688 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. |
| CVE-2007-4693 | | | 0.00 | — | 0.00 | | Nov 15, 2007 | The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." |
| CVE-2007-4685 | | | 0.00 | — | 0.00 | | Nov 15, 2007 | The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." |
| CVE-2007-4691 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. |
| CVE-2007-4687 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. |
| CVE-2007-4694 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. |
| CVE-2007-4697 | | | 0.00 | — | 0.03 | | Nov 15, 2007 | Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. |
| CVE-2007-4686 | | | 0.00 | — | 0.00 | | Nov 15, 2007 | Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. |
| CVE-2007-4269 | | | 0.00 | — | 0.00 | | Nov 15, 2007 | Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. |
| CVE-2007-4678 | | | 0.00 | — | 0.02 | | Nov 15, 2007 | AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. |
| CVE-2007-4696 | | | 0.00 | — | 0.01 | | Nov 15, 2007 | Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. |
| CVE-2007-4690 | | | 0.00 | — | 0.04 | | Nov 15, 2007 | Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. |
| CVE-2007-1661 | | | 0.00 | — | 0.02 | | Nov 7, 2007 | Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as… |
| CVE-2007-2404 | | | 0.00 | — | 0.01 | | Aug 3, 2007 | CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for… |