VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2006-1471 - Jun 27, 2006
    risk 0.00 | cvss | epss 0.00

    Format string vulnerability in the CF_syslog function in launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted…

  • CVE-2006-1469 - Jun 27, 2006
    risk 0.00 | cvss | epss 0.05

    Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.

  • CVE-2006-1455 - May 12, 2006
    risk 0.00 | cvss | epss 0.04

    QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.

  • CVE-2006-1456 - May 12, 2006
    risk 0.00 | cvss | epss 0.06

    Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging.

  • CVE-2006-1457 - May 12, 2006
    risk 0.00 | cvss | epss 0.02

    Safari on Apple Mac OS X 10.4.6, when "Open 'safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.

  • CVE-2006-1981 - Apr 21, 2006
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen.

  • CVE-2006-1984 - Apr 21, 2006
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.

  • CVE-2006-0401 - Apr 5, 2006
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.

  • CVE-2006-1552 - Mar 31, 2006
    risk 0.00 | cvss | epss 0.04

    Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

  • CVE-2006-0397 - Mar 14, 2006
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is…

  • CVE-2006-0399 - Mar 14, 2006
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is…

  • CVE-2006-0398 - Mar 14, 2006
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is…

  • CVE-2006-0400 - Mar 14, 2006
    risk 0.00 | cvss | epss 0.02

    CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute JavaScript in other domains via unknown vectors involving "crafted archives."

  • CVE-2006-1220 - Mar 14, 2006
    risk 0.00 | cvss | epss 0.01

    Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.

  • CVE-2006-0386 - Mar 3, 2006
    risk 0.00 | cvss | epss 0.00

    FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.

  • CVE-2006-0388 - Mar 3, 2006
    risk 0.00 | cvss | epss 0.01

    Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.

  • CVE-2006-0389 - Mar 3, 2006
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.

  • CVE-2006-0384 - Mar 2, 2006
    risk 0.00 | cvss | epss 0.04

    automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".

  • CVE-2006-0383 - Mar 2, 2006
    risk 0.00 | cvss | epss 0.04

    IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".

  • CVE-2005-3712 - Dec 31, 2005
    risk 0.00 | cvss | epss 0.04

    Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
