National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.3
There are 182 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2004-1084

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1085

Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1086

Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1087

Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1088

Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1089

Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.

Published: December 02, 2004; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2004-0743

Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.

Published: November 23, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-0744

The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

Published: November 23, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Published: October 07, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0514

Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."

Published: August 18, 2004; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2004-0515

Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."

Published: August 18, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0516

Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.

Published: August 18, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0517

Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.

Published: August 18, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0518

Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.

Published: August 18, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0430

Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 5.1 MEDIUM
CVE-2004-0486

HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 7.6 HIGH
CVE-2004-0428

Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.

Published: May 03, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-1006

Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.

Published: March 29, 2004; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2003-1009

Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.

Published: March 29, 2004; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-0165

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

Published: March 15, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM