VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2006-0848Feb 22, 2006
    risk 0.08cvss epss 0.58

    The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which…

  • CVE-2003-0694Oct 6, 2003
    risk 0.08cvss epss 0.60

    The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

  • CVE-2006-0395Aug 5, 2006
    risk 0.07cvss epss 0.54

    The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.

  • CVE-2011-3026Feb 16, 2012
    risk 0.06cvss epss 0.73

    Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

  • CVE-2004-0430Jul 7, 2004
    risk 0.06cvss epss 0.41

    Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string…

  • CVE-2013-5704Apr 15, 2014
    risk 0.05cvss epss 0.60

    The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as…

  • CVE-2010-1119Mar 25, 2010
    risk 0.05cvss epss 0.19

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or…

  • CVE-2007-5863Dec 19, 2007
    risk 0.05cvss epss 0.23

    Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.

  • CVE-2006-1982Apr 21, 2006
    risk 0.05cvss epss 0.20

    Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.

  • CVE-2003-0681Oct 6, 2003
    risk 0.05cvss epss 0.20

    A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

  • CVE-2013-0984Jun 5, 2013
    risk 0.04cvss epss 0.14

    Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

  • CVE-2010-1840Nov 15, 2010
    risk 0.04cvss epss 0.09

    Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2010-0520Mar 30, 2010
    risk 0.04cvss epss 0.19

    Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length…

  • CVE-2010-0519Mar 30, 2010
    risk 0.04cvss epss 0.09

    Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.

  • CVE-2009-1236Apr 2, 2009
    risk 0.04cvss epss 0.08

    Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort…

  • CVE-2007-6276Dec 7, 2007
    risk 0.04cvss epss 0.09

    The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.

  • CVE-2007-2401Jun 25, 2007
    risk 0.04cvss epss 0.07

    CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the…

  • CVE-2007-1071Feb 22, 2007
    risk 0.04cvss epss 0.18

    Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this…

  • CVE-2006-1470Jun 27, 2006
    risk 0.04cvss epss 0.08

    OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.

  • CVE-2006-1985Apr 21, 2006
    risk 0.04cvss epss 0.14

    Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop…

Page 3 of 34