Apple » Mac Os X Server » 10.5.4 : Security Vulnerabilities, CVEs, CVSS score >= 8
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
Max CVSS
9.3
EPSS Score
1.19%
Published
2013-06-05
Updated
2013-06-05
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Max CVSS
9.8
EPSS Score
69.07%
Published
2010-11-05
Updated
2024-02-02
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
Max CVSS
10.0
EPSS Score
94.14%
Published
2010-03-25
Updated
2017-09-19
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
Max CVSS
9.0
EPSS Score
0.14%
Published
2010-03-30
Updated
2010-03-31
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.20%
Published
2010-03-30
Updated
2010-03-31
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
Max CVSS
10.0
EPSS Score
4.42%
Published
2009-08-06
Updated
2017-08-17
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
Max CVSS
9.3
EPSS Score
4.77%
Published
2009-08-06
Updated
2017-08-17
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
Max CVSS
9.3
EPSS Score
11.45%
Published
2009-08-06
Updated
2017-09-29
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
Max CVSS
10.0
EPSS Score
8.23%
Published
2009-04-02
Updated
2017-09-29
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.
Max CVSS
10.0
EPSS Score
0.29%
Published
2008-12-17
Updated
2011-03-08
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
Max CVSS
9.3
EPSS Score
4.59%
Published
2008-12-17
Updated
2017-08-08
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
Max CVSS
10.0
EPSS Score
2.25%
Published
2008-12-17
Updated
2011-03-08
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
Max CVSS
10.0
EPSS Score
0.35%
Published
2008-12-17
Updated
2011-03-08
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
Max CVSS
10.0
EPSS Score
0.51%
Published
2008-12-17
Updated
2011-03-08
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
12.51%
Published
2008-12-17
Updated
2011-03-08
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
Max CVSS
9.3
EPSS Score
0.91%
Published
2008-09-26
Updated
2017-08-08
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
Max CVSS
9.3
EPSS Score
2.38%
Published
2008-09-26
Updated
2024-02-15
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
Max CVSS
9.3
EPSS Score
3.00%
Published
2008-09-16
Updated
2017-08-08
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
Max CVSS
10.0
EPSS Score
0.32%
Published
2008-09-16
Updated
2017-08-08
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
Max CVSS
9.3
EPSS Score
0.59%
Published
2008-09-16
Updated
2017-08-08
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
Max CVSS
9.3
EPSS Score
0.59%
Published
2008-09-16
Updated
2017-08-08
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
Max CVSS
9.3
EPSS Score
3.11%
Published
2008-09-16
Updated
2017-08-08
22 vulnerabilities found