ReportizFlow
Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X Server
Subscriptions
Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | ||||
| CVE-2007-0753 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | ||||
| CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | ||||
| CVE-2008-0060 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | ||||
| CVE-2009-1727 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. | ||||
| CVE-2009-1728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | ||||
| CVE-2009-2823 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | ||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-04-09 | 6.5 Medium |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||||
| CVE-2009-2422 | 2 Apple, Rubyonrails | 3 Mac Os X, Mac Os X Server, Ruby On Rails | 2025-04-09 | 9.8 Critical |
| The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. | ||||
| CVE-2008-4222 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. | ||||
| CVE-2008-4237 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. | ||||
| CVE-2008-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | ||||
| CVE-2009-2800 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | ||||
| CVE-2008-0997 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. | ||||
| CVE-2009-2805 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. | ||||
| CVE-2009-2812 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. | ||||
| CVE-2009-2819 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | ||||
| CVE-2009-2824 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | ||||
| CVE-2009-2832 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | N/A |
| Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." | ||||
| CVE-2008-5183 | 4 Apple, Debian, Opensuse and 1 more | 6 Cups, Mac Os X, Mac Os X Server and 3 more | 2025-04-09 | 7.5 High |
| cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | ||||