Apple

macOS X Server

655 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-3622

  • EPSS 0.45%
  • Published 16.09.2008 23:00:01
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injecti...

9.3

CVE-2008-2305

  • EPSS 8.71%
  • Published 16.09.2008 23:00:00
  • Last modified 09.04.2025 00:30:58

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

4.9

CVE-2008-2312

  • EPSS 0.07%
  • Published 16.09.2008 23:00:00
  • Last modified 09.04.2025 00:30:58

Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

1.9

CVE-2008-2329

  • EPSS 0.09%
  • Published 16.09.2008 23:00:00
  • Last modified 09.04.2025 00:30:58

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

4.9

CVE-2008-2330

  • EPSS 0.07%
  • Published 16.09.2008 23:00:00
  • Last modified 09.04.2025 00:30:58

slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "ins...

4.6

CVE-2008-2324

  • EPSS 0.05%
  • Published 04.08.2008 01:41:00
  • Last modified 09.04.2025 00:30:58

The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

6.8

CVE-2008-2309

  • EPSS 2.46%
  • Published 01.07.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the...

6.8

CVE-2008-2310

  • EPSS 0.86%
  • Published 01.07.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.

7.6

CVE-2008-2311

  • EPSS 2.89%
  • Published 01.07.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

4.6

CVE-2008-2313

  • EPSS 0.05%
  • Published 01.07.2008 18:41:00
  • Last modified 09.04.2025 00:30:58

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.