Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0848 | 0.08 | — | 0.58 | Feb 22, 2006 | The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which… | |||
| CVE-2003-0694 | 0.08 | — | 0.60 | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | |||
| CVE-2006-0395 | 0.07 | — | 0.54 | Aug 5, 2006 | The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. | |||
| CVE-2011-3026 | 0.06 | — | 0.73 | Feb 16, 2012 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | |||
| CVE-2004-0430 | 0.06 | — | 0.41 | Jul 7, 2004 | Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string… | |||
| CVE-2013-5704 | 0.05 | — | 0.60 | Apr 15, 2014 | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as… | |||
| CVE-2010-1119 | 0.05 | — | 0.19 | Mar 25, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or… | |||
| CVE-2007-5863 | 0.05 | — | 0.23 | Dec 19, 2007 | Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | |||
| CVE-2006-1982 | 0.05 | — | 0.20 | Apr 21, 2006 | Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. | |||
| CVE-2003-0681 | 0.05 | — | 0.20 | Oct 6, 2003 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||
| CVE-2013-0984 | 0.04 | — | 0.14 | Jun 5, 2013 | Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | |||
| CVE-2010-1840 | 0.04 | — | 0.09 | Nov 15, 2010 | Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2010-0520 | 0.04 | — | 0.19 | Mar 30, 2010 | Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length… | |||
| CVE-2010-0519 | 0.04 | — | 0.09 | Mar 30, 2010 | Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. | |||
| CVE-2009-1236 | 0.04 | — | 0.08 | Apr 2, 2009 | Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort… | |||
| CVE-2007-6276 | 0.04 | — | 0.09 | Dec 7, 2007 | The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. | |||
| CVE-2007-2401 | 0.04 | — | 0.07 | Jun 25, 2007 | CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the… | |||
| CVE-2007-1071 | 0.04 | — | 0.18 | Feb 22, 2007 | Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this… | |||
| CVE-2006-1470 | 0.04 | — | 0.08 | Jun 27, 2006 | OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. | |||
| CVE-2006-1985 | 0.04 | — | 0.14 | Apr 21, 2006 | Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop… |
- CVE-2006-0848Feb 22, 2006risk 0.08cvss —epss 0.58
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which…
- CVE-2003-0694Oct 6, 2003risk 0.08cvss —epss 0.60
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
- CVE-2006-0395Aug 5, 2006risk 0.07cvss —epss 0.54
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
- CVE-2011-3026Feb 16, 2012risk 0.06cvss —epss 0.73
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
- CVE-2004-0430Jul 7, 2004risk 0.06cvss —epss 0.41
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string…
- CVE-2013-5704Apr 15, 2014risk 0.05cvss —epss 0.60
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as…
- CVE-2010-1119Mar 25, 2010risk 0.05cvss —epss 0.19
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or…
- CVE-2007-5863Dec 19, 2007risk 0.05cvss —epss 0.23
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
- CVE-2006-1982Apr 21, 2006risk 0.05cvss —epss 0.20
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
- CVE-2003-0681Oct 6, 2003risk 0.05cvss —epss 0.20
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
- CVE-2013-0984Jun 5, 2013risk 0.04cvss —epss 0.14
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
- CVE-2010-1840Nov 15, 2010risk 0.04cvss —epss 0.09
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2010-0520Mar 30, 2010risk 0.04cvss —epss 0.19
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length…
- CVE-2010-0519Mar 30, 2010risk 0.04cvss —epss 0.09
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
- CVE-2009-1236Apr 2, 2009risk 0.04cvss —epss 0.08
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort…
- CVE-2007-6276Dec 7, 2007risk 0.04cvss —epss 0.09
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
- CVE-2007-2401Jun 25, 2007risk 0.04cvss —epss 0.07
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the…
- CVE-2007-1071Feb 22, 2007risk 0.04cvss —epss 0.18
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this…
- CVE-2006-1470Jun 27, 2006risk 0.04cvss —epss 0.08
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
- CVE-2006-1985Apr 21, 2006risk 0.04cvss —epss 0.14
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop…
Page 3 of 34