cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
Max CVSS
10.0
EPSS Score
0.32%
Published
2010-03-30
Updated
2020-01-17
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.20%
Published
2010-03-30
Updated
2010-03-31
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
Max CVSS
10.0
EPSS Score
94.14%
Published
2010-03-25
Updated
2017-09-19
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
Max CVSS
9.8
EPSS Score
2.65%
Published
2009-07-10
Updated
2024-02-13
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
Max CVSS
9.3
EPSS Score
0.21%
Published
2009-11-10
Updated
2009-11-17
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
Max CVSS
9.3
EPSS Score
2.72%
Published
2010-01-20
Updated
2017-08-17
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
Max CVSS
9.3
EPSS Score
2.14%
Published
2010-01-20
Updated
2017-08-17
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
Max CVSS
9.3
EPSS Score
0.85%
Published
2010-11-15
Updated
2011-01-12
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
Max CVSS
9.3
EPSS Score
1.19%
Published
2013-06-05
Updated
2013-06-05
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
Max CVSS
9.0
EPSS Score
0.14%
Published
2010-03-30
Updated
2010-03-31
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.
Max CVSS
9.0
EPSS Score
0.13%
Published
2010-03-30
Updated
2010-06-21
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."
Max CVSS
7.8
EPSS Score
0.16%
Published
2010-03-30
Updated
2010-03-31
AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.
Max CVSS
7.8
EPSS Score
0.16%
Published
2011-06-24
Updated
2011-06-27
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
Max CVSS
7.6
EPSS Score
0.12%
Published
2011-10-14
Updated
2012-01-14
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Max CVSS
7.5
EPSS Score
3.62%
Published
2009-04-17
Updated
2021-04-05
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.91%
Published
2009-11-10
Updated
2009-11-17
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.26%
Published
2009-11-10
Updated
2009-11-17
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
Max CVSS
7.5
EPSS Score
0.27%
Published
2010-03-30
Updated
2010-03-31
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.42%
Published
2010-03-30
Updated
2010-03-31
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.28%
Published
2010-03-30
Updated
2013-09-10
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
14.63%
Published
2010-11-15
Updated
2010-12-10
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
2.02%
Published
2011-10-14
Updated
2012-01-14
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Max CVSS
7.5
EPSS Score
8.13%
Published
2011-06-21
Updated
2024-02-02
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-02-02
Updated
2012-02-03
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
Max CVSS
7.5
EPSS Score
5.88%
Published
2012-02-02
Updated
2018-01-06
156 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!