Filtered by vendor Apple Subscriptions
Filtered by product Mac Os X Server Subscriptions
Total 817 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-4223 1 Apple 1 Mac Os X Server 2024-11-21 N/A
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
CVE-2008-4222 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
CVE-2008-4221 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
CVE-2008-4220 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
CVE-2008-4219 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.
CVE-2008-4218 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
CVE-2008-4217 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
CVE-2008-4215 1 Apple 1 Mac Os X Server 2024-11-21 N/A
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.
CVE-2008-4214 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.
CVE-2008-4212 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.
CVE-2008-4211 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2024-11-21 N/A
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
CVE-2008-3647 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
CVE-2008-3645 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.
CVE-2008-3643 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."
CVE-2008-3642 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
CVE-2008-3638 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
CVE-2008-3637 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 8.8 High
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
CVE-2008-3634 1 Apple 3 Itunes, Mac Os X, Mac Os X Server 2024-11-21 N/A
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
CVE-2008-3629 2 Apple, Microsoft 6 Mac Os X, Mac Os X Server, Quicktime and 3 more 2024-11-21 N/A
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
CVE-2008-3622 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."