Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-3782 | 0.00 | — | 0.00 | Dec 31, 2005 | Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or… | |||
| CVE-2005-3712 | 0.00 | — | 0.04 | Dec 31, 2005 | Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes. | |||
| CVE-2005-3706 | 0.00 | — | 0.04 | Dec 31, 2005 | Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. | |||
| CVE-2005-4217 | 0.00 | — | 0.03 | Dec 14, 2005 | Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges. | |||
| CVE-2005-2757 | 0.00 | — | 0.04 | Dec 1, 2005 | Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | |||
| CVE-2005-3700 | 0.00 | — | 0.00 | Dec 1, 2005 | Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. | |||
| CVE-2005-3704 | 0.00 | — | 0.02 | Dec 1, 2005 | System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL). | |||
| CVE-2005-3705 | 0.00 | — | 0.04 | Dec 1, 2005 | Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||
| CVE-2005-3702 | 0.00 | — | 0.02 | Dec 1, 2005 | Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||
| CVE-2005-3701 | 0.00 | — | 0.00 | Dec 1, 2005 | Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. | |||
| CVE-2005-2749 | 0.00 | — | 0.00 | Nov 1, 2005 | Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. | |||
| CVE-2005-2752 | 0.00 | — | 0.00 | Nov 1, 2005 | An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. | |||
| CVE-2005-2751 | 0.00 | — | 0.00 | Nov 1, 2005 | memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||
| CVE-2005-2750 | 0.00 | — | 0.00 | Nov 1, 2005 | Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed. | |||
| CVE-2005-2739 | 0.00 | — | 0.00 | Nov 1, 2005 | Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | |||
| CVE-2005-2746 | 0.00 | — | 0.01 | Oct 26, 2005 | Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. | |||
| CVE-2005-2745 | 0.00 | — | 0.01 | Oct 26, 2005 | Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. | |||
| CVE-2005-2743 | 0.00 | — | 0.05 | Oct 26, 2005 | The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | |||
| CVE-2005-2742 | 0.00 | — | 0.00 | Oct 26, 2005 | SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the… | |||
| CVE-2005-2741 | 0.00 | — | 0.00 | Oct 26, 2005 | Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. |
- CVE-2005-3782Dec 31, 2005risk 0.00cvss —epss 0.00
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or…
- CVE-2005-3712Dec 31, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
- CVE-2005-3706Dec 31, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
- CVE-2005-4217Dec 14, 2005risk 0.00cvss —epss 0.03
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
- CVE-2005-2757Dec 1, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
- CVE-2005-3700Dec 1, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
- CVE-2005-3704Dec 1, 2005risk 0.00cvss —epss 0.02
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
- CVE-2005-3705Dec 1, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
- CVE-2005-3702Dec 1, 2005risk 0.00cvss —epss 0.02
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
- CVE-2005-3701Dec 1, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
- CVE-2005-2749Nov 1, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
- CVE-2005-2752Nov 1, 2005risk 0.00cvss —epss 0.00
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
- CVE-2005-2751Nov 1, 2005risk 0.00cvss —epss 0.00
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
- CVE-2005-2750Nov 1, 2005risk 0.00cvss —epss 0.00
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
- CVE-2005-2739Nov 1, 2005risk 0.00cvss —epss 0.00
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
- CVE-2005-2746Oct 26, 2005risk 0.00cvss —epss 0.01
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
- CVE-2005-2745Oct 26, 2005risk 0.00cvss —epss 0.01
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
- CVE-2005-2743Oct 26, 2005risk 0.00cvss —epss 0.05
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
- CVE-2005-2742Oct 26, 2005risk 0.00cvss —epss 0.00
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the…
- CVE-2005-2741Oct 26, 2005risk 0.00cvss —epss 0.00
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
Page 29 of 34