National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.5.1
There are 253 matching records.
Displaying matches 241 through 253.
Vuln ID Summary CVSS Severity
CVE-2008-1032

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 2.1 LOW
CVE-2008-1036

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-1573

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 7.1 HIGH
CVE-2008-1574

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 9.3 HIGH
CVE-2008-1575

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 9.3 HIGH
CVE-2008-1577

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 9.3 HIGH
CVE-2008-1578

The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 2.1 LOW
CVE-2008-1579

Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2008-1580

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.

Published: June 02, 2008; 05:30:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2007-5860

Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."

Published: December 19, 2007; 04:46:00 PM -05:00
V2: 7.2 HIGH
CVE-2007-5863

Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.

Published: December 19, 2007; 04:46:00 PM -05:00
V2: 9.3 HIGH
CVE-2007-6276

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.

Published: December 07, 2007; 06:46:00 AM -05:00
V2: 7.8 HIGH