VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2005-1337May 4, 2005
    risk 0.00cvss epss 0.01

    Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI.

  • CVE-2005-1339May 4, 2005
    risk 0.00cvss epss 0.01

    lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.

  • CVE-2005-1335May 4, 2005
    risk 0.00cvss epss 0.01

    Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."

  • CVE-2005-1331May 4, 2005
    risk 0.00cvss epss 0.02

    The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain…

  • CVE-2005-0594May 4, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.

  • CVE-2005-1332May 4, 2005
    risk 0.00cvss epss 0.02

    Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.

  • CVE-2005-1330May 4, 2005
    risk 0.00cvss epss 0.00

    AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.

  • CVE-2005-1343May 3, 2005
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.

  • CVE-2005-1430May 3, 2005
    risk 0.00cvss epss 0.00

    Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

  • CVE-2005-0127May 2, 2005
    risk 0.00cvss epss 0.03

    Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

  • CVE-2005-0126May 2, 2005
    risk 0.00cvss epss 0.03

    ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.

  • CVE-2005-0975May 2, 2005
    risk 0.00cvss epss 0.01

    Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.

  • CVE-2005-0125May 2, 2005
    risk 0.00cvss epss 0.00

    The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which…

  • CVE-2005-1043Apr 14, 2005
    risk 0.00cvss epss 0.02

    exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

  • CVE-2005-0715Mar 21, 2005
    risk 0.00cvss epss 0.00

    AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.

  • CVE-2004-0927Jan 27, 2005
    risk 0.00cvss epss 0.01

    ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.

  • CVE-2004-0922Jan 27, 2005
    risk 0.00cvss epss 0.01

    AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop…

  • CVE-2004-0923Jan 27, 2005
    risk 0.00cvss epss 0.00

    CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

  • CVE-2004-0925Jan 27, 2005
    risk 0.00cvss epss 0.01

    Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

  • CVE-2004-0924Jan 27, 2005
    risk 0.00cvss epss 0.01

    NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.

Page 31 of 34