CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X Server » 10.3.9 : Security Vulnerabilities (Execute Code)

Cpe Name:cpe:/o:apple:mac_os_x_server:10.3.9
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-3723 119 DoS Exec Code Overflow Mem. Corr. 2012-09-20 2013-03-22
4.6
 None Local Low Not required Partial Partial Partial
Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.
2 CVE-2012-3722 399 DoS Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
3 CVE-2012-3719 20 Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
4 CVE-2012-0662 189 DoS Exec Code Overflow Mem. Corr. 2012-05-10 2012-05-29
7.5
 None Remote Low Not required Partial Partial Partial
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
5 CVE-2012-0660 119 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
6 CVE-2012-0659 189 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
7 CVE-2012-0658 119 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
8 CVE-2012-0654 119 DoS Exec Code Overflow 2012-05-10 2012-05-29
6.8
 None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
9 CVE-2012-0650 119 DoS Exec Code Overflow 2012-09-20 2012-09-21
7.5
 None Remote Low Not required Partial Partial Partial
Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
10 CVE-2011-3228 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
11 CVE-2011-3227 20 DoS Exec Code 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
12 CVE-2011-3224 Exec Code 2011-10-14 2012-01-13
2.6
 None Remote High Not required None Partial None
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
13 CVE-2011-3223 119 DoS Exec Code Overflow 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
14 CVE-2011-3222 119 DoS Exec Code Overflow 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
15 CVE-2011-3221 94 DoS Exec Code 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
16 CVE-2011-3217 119 DoS Exec Code Overflow Mem. Corr. 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
17 CVE-2011-0230 119 DoS Exec Code Overflow 2011-10-14 2012-01-13
7.5
 None Remote Low Not required Partial Partial Partial
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
18 CVE-2011-0229 119 Exec Code Overflow 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
19 CVE-2011-0224 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-13
6.8
 None Remote Medium Not required Partial Partial Partial
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
20 CVE-2009-2832 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
5.1
 None Remote High Not required Partial Partial Partial
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
21 CVE-2009-2808 310 Exec Code 2009-11-10 2009-11-17
5.4
 None Local Network Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
22 CVE-2007-2399 Exec Code Mem. Corr. 2007-06-25 2012-10-30
9.3
 Admin Remote Medium Not required Complete Complete Complete
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
23 CVE-2007-0753 134 Exec Code 2007-05-24 2008-09-05
7.2
 Admin Local Low Not required Complete Complete Complete
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
24 CVE-2007-0746 Exec Code Overflow 2007-04-24 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
25 CVE-2007-0736 Exec Code Overflow 2007-04-24 2008-09-05
9.3
 Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
26 CVE-2007-0735 DoS Exec Code 2007-04-24 2008-09-05
9.3
 Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
27 CVE-2007-0725 Exec Code Overflow 2007-04-24 2008-09-05
7.2
 Admin Local Low Not required Complete Complete Complete
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."
28 CVE-2007-0722 Exec Code Overflow 2007-03-13 2008-09-05
6.8
 User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
29 CVE-2007-0721 Exec Code Mem. Corr. 2007-03-13 2008-09-05
6.8
 User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
30 CVE-2007-0719 Exec Code Overflow 2007-03-13 2008-09-05
6.8
 User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
31 CVE-2006-4866 Exec Code Overflow 2006-09-19 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
32 CVE-2006-3507 Exec Code Overflow 2006-09-21 2008-09-05
7.2
 Admin Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
33 CVE-2006-3505 DoS Exec Code 2006-08-02 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
34 CVE-2006-3498 Exec Code Overflow 2006-08-02 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
35 CVE-2006-3497 DoS Exec Code 2006-08-02 2011-04-07
5.1
 User Remote High Not required Partial Partial Partial
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
36 CVE-2006-1985 119 Exec Code Overflow 2006-04-21 2011-10-18
5.1
 User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
37 CVE-2006-1983 DoS Exec Code Overflow 2006-04-21 2008-09-10
6.4
 None Remote Low Not required None Partial Partial
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
38 CVE-2006-1982 Exec Code Overflow 2006-04-21 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
39 CVE-2006-1473 DoS Exec Code Overflow 2006-08-02 2008-09-05
5.0
 None Remote Low Not required None None Partial
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
40 CVE-2006-1456 Exec Code Overflow 2006-05-12 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging.
41 CVE-2006-1220 Exec Code Overflow 2006-03-13 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
42 CVE-2006-0387 Exec Code Overflow 2006-03-06 2008-09-05
6.4
 None Remote Low Not required None Partial Partial
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
43 CVE-2006-0384 DoS Exec Code 2006-03-02 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".
44 CVE-2005-3705 Exec Code Overflow 2005-11-30 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
45 CVE-2005-3700 Exec Code 2005-11-30 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
46 CVE-2005-2757 Exec Code Overflow 2005-11-30 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
47 CVE-2005-2744 Exec Code Overflow 2005-10-25 2008-09-05
5.1
 User Remote High Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
48 CVE-2005-2743 Exec Code 2005-10-25 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
49 CVE-2005-2507 Exec Code Overflow 2005-08-19 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
50 CVE-2005-2502 Exec Code Overflow 2005-08-19 2008-09-10
5.1
 User Remote High Not required Partial Partial Partial
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
Total number of vulnerabilities : 55   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.