VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2007-5860 (Dec 19, 2007)
    risk 0.00 cvss epss 0.00

    Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."

  • CVE-2007-4702 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

  • CVE-2007-4703 (Nov 15, 2007)
    risk 0.00 cvss epss 0.03

    The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended…

  • CVE-2007-4700 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

  • CVE-2007-4701 (Nov 15, 2007)
    risk 0.00 cvss epss 0.00

    WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

  • CVE-2007-4695 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

  • CVE-2007-4688 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

  • CVE-2007-4693 (Nov 15, 2007)
    risk 0.00 cvss epss 0.00

    The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."

  • CVE-2007-4685 (Nov 15, 2007)
    risk 0.00 cvss epss 0.00

    The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

  • CVE-2007-4691 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.

  • CVE-2007-4687 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.

  • CVE-2007-4694 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

  • CVE-2007-4697 (Nov 15, 2007)
    risk 0.00 cvss epss 0.03

    Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

  • CVE-2007-4686 (Nov 15, 2007)
    risk 0.00 cvss epss 0.00

    Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.

  • CVE-2007-4269 (Nov 15, 2007)
    risk 0.00 cvss epss 0.00

    Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

  • CVE-2007-4678 (Nov 15, 2007)
    risk 0.00 cvss epss 0.02

    AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

  • CVE-2007-4696 (Nov 15, 2007)
    risk 0.00 cvss epss 0.01

    Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

  • CVE-2007-4690 (Nov 15, 2007)
    risk 0.00 cvss epss 0.04

    Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

  • CVE-2007-1661 (Nov 7, 2007)
    risk 0.00 cvss epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as…

  • CVE-2007-2404 (Aug 3, 2007)
    risk 0.00 cvss epss 0.01

    CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for…
