Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X Server
Total 817 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4680 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 6.8 MEDIUM N/A
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
CVE-2007-4678 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.1 HIGH N/A
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
CVE-2007-4269 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.
CVE-2007-3798 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Mac Os X Server, Ubuntu Linux and 4 more 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVE-2007-3748 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2024-11-21 5.4 MEDIUM N/A
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2007-3747 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2024-11-21 6.8 MEDIUM N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2007-3746 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2024-11-21 6.8 MEDIUM N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2007-3745 1 Apple 3 Core Audio Technologies, Mac Os X, Mac Os X Server 2024-11-21 6.8 MEDIUM N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
CVE-2007-3744 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 5.8 MEDIUM N/A
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2007-2410 1 Apple 3 Mac Os X, Mac Os X Server, Webcore 2024-11-21 4.3 MEDIUM N/A
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2007-2409 1 Apple 3 Mac Os X, Mac Os X Server, Webcore 2024-11-21 4.3 MEDIUM N/A
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window.
CVE-2007-2407 2 Apple, Samba 3 Mac Os X, Mac Os X Server, Samba Server 2024-11-21 4.0 MEDIUM N/A
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.
CVE-2007-2406 1 Apple 3 Mac Os X, Mac Os X Server, Quartz Composer 2024-11-21 6.8 MEDIUM N/A
Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file.
CVE-2007-2405 1 Apple 3 Mac Os X, Mac Os X Server, Pdfkit 2024-11-21 6.8 MEDIUM N/A
Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2007-2404 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 5.0 MEDIUM N/A
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
CVE-2007-2403 1 Apple 3 Cfnetwork, Mac Os X, Mac Os X Server 2024-11-21 6.8 MEDIUM N/A
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers.
CVE-2007-2401 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2024-11-21 4.3 MEDIUM N/A
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
CVE-2007-2399 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2024-11-21 9.3 HIGH N/A
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
CVE-2007-1884 4 Apple, Linux, Microsoft and 1 more 6 Mac Os X, Mac Os X Server, Linux Kernel and 3 more 2024-11-21 6.8 MEDIUM N/A
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.
CVE-2007-1863 2 Apache, Apple 2 Http Server, Mac Os X Server 2024-11-21 5.0 MEDIUM N/A
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.