Mac OS Server Security Vulnerabilities

CVE-2009-2801

The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing...

8.4 AI Score

0.002 EPSS

2022-10-03 04:24 PM
28

CVE-2009-2843

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an...

7.6 AI Score

0.003 EPSS

2022-10-03 04:24 PM
36

CVE-2005-0713

The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain...

9 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
22

CVE-2005-0972

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted...

7.5 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
18

CVE-2005-0715

AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop...

8.6 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
24

CVE-2005-2742

SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to...

6.4 AI Score

0.001 EPSS

2022-10-03 04:22 PM
23

CVE-2005-2746

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted...

6.2 AI Score

0.002 EPSS

2022-10-03 04:22 PM
16

CVE-2005-2511

Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal...

9.7 AI Score

0.002 EPSS

2022-10-03 04:22 PM
22
2

CVE-2005-2504

The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is...

9.4 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
22

CVE-2005-2507

Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during...

9.9 AI Score

0.024 EPSS

2022-10-03 04:22 PM
22

CVE-2005-2741

Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to...

6.1 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
21

CVE-2005-2524

Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different...

8.5 AI Score

0.002 EPSS

2022-10-03 04:22 PM
22

CVE-2005-2745

Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive...

8.5 AI Score

0.002 EPSS

2022-10-03 04:22 PM
18

CVE-2005-2523

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown...

8 AI Score

0.008 EPSS

2022-10-03 04:22 PM
22

CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid...

6 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
25

CVE-2005-2508

dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user...

8.8 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
27

CVE-2005-2743

The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary...

7.2 AI Score

0.006 EPSS

2022-10-03 04:22 PM
22

CVE-2005-1340

The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the...

6.7 AI Score

0.004 EPSS

2022-10-03 04:22 PM
32

CVE-2005-1339

lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full...

6.3 AI Score

0.003 EPSS

2022-10-03 04:22 PM
22

CVE-2005-1338

Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in...

6.7 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
20

CVE-2005-1722

Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root...

6.6 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
23

CVE-2005-1727

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race...

5.9 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
24

CVE-2005-1430

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other...

6.3 AI Score

0.0004 EPSS

2022-10-03 04:22 PM
19

CVE-2005-3782

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequenc...

6.8 AI Score

0.001 EPSS

2022-10-03 04:22 PM
15

CVE-2006-4866

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension...

7.6 AI Score

0.001 EPSS

2022-10-03 04:21 PM
16

CVE-2006-6353

Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as...

7.2 AI Score

0.002 EPSS

2022-10-03 04:21 PM
22

CVE-2010-0545

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem...

6.7 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0535

Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified...

7.9 AI Score

0.002 EPSS

2022-10-03 04:21 PM
25

CVE-2010-0543

ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2...

7.8 AI Score

0.004 EPSS

2022-10-03 04:21 PM
34

CVE-2010-0546

Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup...

6.8 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
23

CVE-2010-0510

Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired...

8.2 AI Score

0.003 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0500

Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection...

8.3 AI Score

0.002 EPSS

2022-10-03 04:21 PM
23

CVE-2010-0503

Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified...

8.8 AI Score

0.003 EPSS

2022-10-03 04:21 PM
22

CVE-2010-0056

Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted...

9.2 AI Score

0.003 EPSS

2022-10-03 04:21 PM
34

CVE-2010-0063

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as....

8.9 AI Score

0.003 EPSS

2022-10-03 04:21 PM
23

CVE-2010-0064

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other...

8.2 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
25

CVE-2010-0058

freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the...

8.6 AI Score

0.002 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0521

Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP...

8.3 AI Score

0.002 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0506

Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF...

9.1 AI Score

0.001 EPSS

2022-10-03 04:21 PM
28

CVE-2010-0498

Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified...

8 AI Score

0.0004 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0523

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java...

8.7 AI Score

0.002 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0511

Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified...

8.1 AI Score

0.002 EPSS

2022-10-03 04:21 PM
20

CVE-2010-0065

Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2...

9.3 AI Score

0.005 EPSS

2022-10-03 04:21 PM
24

CVE-2010-0537

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share...

8.1 AI Score

0.002 EPSS

2022-10-03 04:21 PM
25

CVE-2010-0497

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file...

9.1 AI Score

0.008 EPSS

2022-10-03 04:21 PM
27

CVE-2010-0504

Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified...

9.3 AI Score

0.005 EPSS

2022-10-03 04:21 PM
23

CVE-2010-0508

Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack...

8.6 AI Score

0.002 EPSS

2022-10-03 04:21 PM
44

CVE-2010-0522

Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen...

7.9 AI Score

0.002 EPSS

2022-10-03 04:21 PM
30

CVE-2010-0533

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified...

8.3 AI Score

0.003 EPSS

2022-10-03 04:21 PM
40

CVE-2010-0057

AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount...

8.4 AI Score

0.003 EPSS

2022-10-03 04:21 PM
33

Total number of security vulnerabilities: 1031