Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2741 | | | 0.00 | — | 0.00 | | Oct 26, 2005 | Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. |
| CVE-2005-2747 | | | 0.00 | — | 0.05 | | Oct 25, 2005 | Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file. |
| CVE-2005-2748 | | | 0.00 | — | 0.00 | | Oct 25, 2005 | The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. |
| CVE-2005-2744 | | | 0.00 | — | 0.04 | | Oct 25, 2005 | Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file. |
| CVE-2005-2502 | | | 0.00 | — | 0.03 | | Aug 19, 2005 | Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. |
| CVE-2005-2510 | | | 0.00 | — | 0.00 | | Aug 19, 2005 | The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less… |
| CVE-2005-2509 | | | 0.00 | — | 0.00 | | Aug 19, 2005 | Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts. |
| CVE-2005-2506 | | | 0.00 | — | 0.01 | | Aug 19, 2005 | Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates. |
| CVE-2005-2503 | | | 0.00 | — | 0.00 | | Aug 19, 2005 | AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. |
| CVE-2005-2501 | | | 0.00 | — | 0.04 | | Aug 19, 2005 | Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file. |
| CVE-2005-2504 | | | 0.00 | — | 0.00 | | Aug 19, 2005 | The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. |
| CVE-2005-2511 | | | 0.00 | — | 0.02 | | Aug 19, 2005 | Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. |
| CVE-2005-2507 | | | 0.00 | — | 0.06 | | Aug 19, 2005 | Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. |
| CVE-2005-1722 | | | 0.00 | — | 0.00 | | Jun 16, 2005 | Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. |
| CVE-2005-1474 | | | 0.00 | — | 0.01 | | Jun 13, 2005 | Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933. |
| CVE-2005-1724 | | | 0.00 | — | 0.01 | | Jun 8, 2005 | NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions. |
| CVE-2005-1723 | | | 0.00 | — | 0.01 | | Jun 8, 2005 | LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended… |
| CVE-2005-1727 | | | 0.00 | — | 0.00 | | Jun 8, 2005 | Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." |
| CVE-2005-0972 | | | 0.00 | — | 0.00 | | May 12, 2005 | Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters. |
| CVE-2005-0594 | | | 0.00 | — | 0.01 | | May 4, 2005 | Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. |