Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X Server
Total 817 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0510 1 Apple 1 Mac Os X Server 2025-04-11 9.0 HIGH N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2011-0194 1 Apple 3 Imageio, Mac Os X, Mac Os X Server 2025-04-11 6.8 MEDIUM N/A
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
CVE-2010-1762 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
CVE-2010-1844 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 7.1 HIGH N/A
Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.
CVE-2011-3214 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 4.6 MEDIUM N/A
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.
CVE-2010-1384 2 Apple, Microsoft 6 Mac Os X, Mac Os X Server, Safari and 3 more 2025-04-11 4.3 MEDIUM N/A
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.
CVE-2011-3216 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 2.1 LOW N/A
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
CVE-2011-0232 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
CVE-2011-0234 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
CVE-2010-1847 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 4.9 MEDIUM N/A
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2010-0497 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 6.8 MEDIUM N/A
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
CVE-2011-1132 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 4.9 MEDIUM N/A
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.
CVE-2010-3808 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 9.3 HIGH N/A
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE-2011-3462 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 5.0 MEDIUM N/A
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.
CVE-2010-1791 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 9.3 HIGH N/A
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
CVE-2011-0202 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 6.8 MEDIUM N/A
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.
CVE-2010-0036 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 9.3 HIGH 7.8 HIGH
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
CVE-2010-1374 2 Aol, Apple 3 Aim, Mac Os X, Mac Os X Server 2025-04-11 4.3 MEDIUM N/A
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
CVE-2012-0675 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 4.3 MEDIUM N/A
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
CVE-2010-1841 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 9.3 HIGH N/A
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.