VYPR

Mac OS X Server

by Apple Inc.

CVEs (668)

  • CVE-2005-2508 | Aug 19, 2005
    risk 0.03 | cvss | epss 0.01

    dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.

  • CVE-2005-1725 | Jun 8, 2005
    risk 0.03 | cvss | epss 0.01

    launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.

  • CVE-2005-0342 | May 2, 2005
    risk 0.03 | cvss | epss 0.01

    The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.

  • CVE-2005-0713 | Mar 21, 2005
    risk 0.03 | cvss | epss 0.01

    The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.

  • CVE-2005-0716 | Mar 21, 2005
    risk 0.03 | cvss | epss 0.01

    Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.

  • CVE-2003-1006 | Mar 29, 2004
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.

  • CVE-2003-0171 | May 5, 2003
    risk 0.03 | cvss | epss 0.01

    DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

  • CVE-2015-5986 | Sep 5, 2015
    risk 0.02 | cvss | epss 0.26

    openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

  • CVE-2015-3165 | May 28, 2015
    risk 0.01 | cvss | epss 0.09

    Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will…

  • CVE-2014-3583 | Dec 15, 2014
    risk 0.01 | cvss | epss 0.11

    The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

  • CVE-2012-3716 | Sep 20, 2012
    risk 0.01 | cvss | epss 0.07

    CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

  • CVE-2010-1411 | Jun 17, 2010
    risk 0.01 | cvss | epss 0.13

    Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-2193 | Aug 6, 2009
    risk 0.01 | cvss | epss 0.09

    Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.

  • CVE-2009-2188 | Aug 6, 2009
    risk 0.01 | cvss | epss 0.08

    Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

  • CVE-2009-1726 | Aug 6, 2009
    risk 0.01 | cvss | epss 0.08

    Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

  • CVE-2009-0946 | Apr 17, 2009
    risk 0.01 | cvss | epss 0.09

    Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

  • CVE-2008-4211 | Oct 10, 2008
    risk 0.01 | cvss | epss 0.07

    Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via…

  • CVE-2008-1574 | Jun 2, 2008
    risk 0.01 | cvss | epss 0.07

    Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

  • CVE-2007-4689 | Nov 15, 2007
    risk 0.01 | cvss | epss 0.07

    Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

  • CVE-2007-3744 | Aug 3, 2007
    risk 0.01 | cvss | epss 0.07

    Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
