Apple

macOS X Server

655 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2008-1573

  • EPSS 0.78%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

9.3

CVE-2008-1574

  • EPSS 6.44%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

9.3

CVE-2008-1575

  • EPSS 6.47%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that oc...

9.3

CVE-2008-1577

  • EPSS 4.31%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memo...

2.1

CVE-2008-1578

  • EPSS 0.07%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

5

CVE-2008-1579

  • EPSS 0.53%
  • Published 02.06.2008 21:30:00
  • Last modified 09.04.2025 00:30:58

Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

10

CVE-2008-0599

Exploit
  • EPSS 52.94%
  • Published 05.05.2008 17:20:00
  • Last modified 09.04.2025 00:30:58

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

7.5

CVE-2008-0063

  • EPSS 4.75%
  • Published 19.03.2008 10:44:00
  • Last modified 09.04.2025 00:30:58

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

6.8

CVE-2008-0052

  • EPSS 1.83%
  • Published 18.03.2008 23:44:00
  • Last modified 09.04.2025 00:30:58

CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

6.4

CVE-2008-0054

  • EPSS 1.39%
  • Published 18.03.2008 23:44:00
  • Last modified 09.04.2025 00:30:58

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.