Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-5183 |
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. Published: November 20, 2008; 9:30:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2008-4215 |
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. Published: October 10, 2008; 6:30:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-4214 |
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. Published: October 10, 2008; 6:30:05 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2008-4212 |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. Published: October 10, 2008; 6:30:05 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3647 |
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. Published: October 10, 2008; 6:30:05 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-3645 |
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. Published: October 10, 2008; 6:30:04 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2008-3642 |
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. Published: October 10, 2008; 6:30:04 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-3637 |
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." Published: September 26, 2008; 12:21:43 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2008-3621 |
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. Published: September 16, 2008; 7:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-3616 |
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. Published: September 16, 2008; 7:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3611 |
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. Published: September 16, 2008; 7:00:01 PM -0400 |
V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2008-3608 |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. Published: September 16, 2008; 7:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-2332 |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. Published: September 16, 2008; 7:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-2330 |
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." Published: September 16, 2008; 7:00:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-2312 |
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. Published: September 16, 2008; 7:00:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-2305 |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." Published: September 16, 2008; 7:00:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-3634 |
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2008-3629 |
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. Published: September 10, 2008; 9:13:09 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-2320 |
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. Published: August 03, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-2321 |
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." Published: August 03, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |