Mac OS X Server
by Apple Inc.
CVEs (668)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2508 | 0.03 | — | 0.01 | Aug 19, 2005 | dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts. | |||
| CVE-2005-1725 | 0.03 | — | 0.01 | Jun 8, 2005 | launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. | |||
| CVE-2005-0342 | 0.03 | — | 0.01 | May 2, 2005 | The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. | |||
| CVE-2005-0713 | 0.03 | — | 0.01 | Mar 21, 2005 | The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. | |||
| CVE-2005-0716 | 0.03 | — | 0.01 | Mar 21, 2005 | Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable. | |||
| CVE-2003-1006 | 0.03 | — | 0.01 | Mar 29, 2004 | Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter. | |||
| CVE-2003-0171 | 0.03 | — | 0.01 | May 5, 2003 | DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. | |||
| CVE-2015-5986 | 0.02 | — | 0.26 | Sep 5, 2015 | openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. | |||
| CVE-2015-3165 | 0.01 | — | 0.09 | May 28, 2015 | Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will… | |||
| CVE-2014-3583 | 0.01 | — | 0.11 | Dec 15, 2014 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. | |||
| CVE-2012-3716 | 0.01 | — | 0.07 | Sep 20, 2012 | CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph. | |||
| CVE-2010-1411 | 0.01 | — | 0.13 | Jun 17, 2010 | Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2009-2193 | 0.01 | — | 0.09 | Aug 6, 2009 | Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. | |||
| CVE-2009-2188 | 0.01 | — | 0.08 | Aug 6, 2009 | Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. | |||
| CVE-2009-1726 | 0.01 | — | 0.08 | Aug 6, 2009 | Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. | |||
| CVE-2009-0946 | 0.01 | — | 0.09 | Apr 17, 2009 | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | |||
| CVE-2008-4211 | 0.01 | — | 0.07 | Oct 10, 2008 | Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via… | |||
| CVE-2008-1574 | 0.01 | — | 0.07 | Jun 2, 2008 | Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. | |||
| CVE-2007-4689 | 0.01 | — | 0.07 | Nov 15, 2007 | Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. | |||
| CVE-2007-3744 | 0.01 | — | 0.07 | Aug 3, 2007 | Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. |
- CVE-2005-2508Aug 19, 2005risk 0.03cvss —epss 0.01
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.
- CVE-2005-1725Jun 8, 2005risk 0.03cvss —epss 0.01
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
- CVE-2005-0342May 2, 2005risk 0.03cvss —epss 0.01
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
- CVE-2005-0713Mar 21, 2005risk 0.03cvss —epss 0.01
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
- CVE-2005-0716Mar 21, 2005risk 0.03cvss —epss 0.01
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
- CVE-2003-1006Mar 29, 2004risk 0.03cvss —epss 0.01
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
- CVE-2003-0171May 5, 2003risk 0.03cvss —epss 0.01
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
- CVE-2015-5986Sep 5, 2015risk 0.02cvss —epss 0.26
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
- CVE-2015-3165May 28, 2015risk 0.01cvss —epss 0.09
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will…
- CVE-2014-3583Dec 15, 2014risk 0.01cvss —epss 0.11
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
- CVE-2012-3716Sep 20, 2012risk 0.01cvss —epss 0.07
CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.
- CVE-2010-1411Jun 17, 2010risk 0.01cvss —epss 0.13
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service…
- CVE-2009-2193Aug 6, 2009risk 0.01cvss —epss 0.09
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
- CVE-2009-2188Aug 6, 2009risk 0.01cvss —epss 0.08
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
- CVE-2009-1726Aug 6, 2009risk 0.01cvss —epss 0.08
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
- CVE-2009-0946Apr 17, 2009risk 0.01cvss —epss 0.09
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
- CVE-2008-4211Oct 10, 2008risk 0.01cvss —epss 0.07
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via…
- CVE-2008-1574Jun 2, 2008risk 0.01cvss —epss 0.07
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
- CVE-2007-4689Nov 15, 2007risk 0.01cvss —epss 0.07
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
- CVE-2007-3744Aug 3, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
Page 5 of 34