VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2005-2741Oct 26, 2005
    risk 0.00cvss epss 0.00

    Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.

  • CVE-2005-2747Oct 25, 2005
    risk 0.00cvss epss 0.05

    Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.

  • CVE-2005-2748Oct 25, 2005
    risk 0.00cvss epss 0.00

    The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.

  • CVE-2005-2744Oct 25, 2005
    risk 0.00cvss epss 0.04

    Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.

  • CVE-2005-2502Aug 19, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.

  • CVE-2005-2510Aug 19, 2005
    risk 0.00cvss epss 0.00

    The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less…

  • CVE-2005-2509Aug 19, 2005
    risk 0.00cvss epss 0.00

    Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.

  • CVE-2005-2506Aug 19, 2005
    risk 0.00cvss epss 0.01

    Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.

  • CVE-2005-2503Aug 19, 2005
    risk 0.00cvss epss 0.00

    AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.

  • CVE-2005-2501Aug 19, 2005
    risk 0.00cvss epss 0.04

    Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.

  • CVE-2005-2504Aug 19, 2005
    risk 0.00cvss epss 0.00

    The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.

  • CVE-2005-2511Aug 19, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.

  • CVE-2005-2507Aug 19, 2005
    risk 0.00cvss epss 0.06

    Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.

  • CVE-2005-1722Jun 16, 2005
    risk 0.00cvss epss 0.00

    Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.

  • CVE-2005-1474Jun 13, 2005
    risk 0.00cvss epss 0.01

    Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.

  • CVE-2005-1724Jun 8, 2005
    risk 0.00cvss epss 0.01

    NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions.

  • CVE-2005-1723Jun 8, 2005
    risk 0.00cvss epss 0.01

    LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended…

  • CVE-2005-1727Jun 8, 2005
    risk 0.00cvss epss 0.00

    Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."

  • CVE-2005-0972May 12, 2005
    risk 0.00cvss epss 0.00

    Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

  • CVE-2005-0594May 4, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.

Page 30 of 34