Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X Server
Total 817 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1661 2 Apple, Pcre 3 Mac Os X, Mac Os X Server, Perl-compatible Regular Expression Library 2024-11-21 6.4 MEDIUM N/A
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
CVE-2007-1071 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.8 HIGH N/A
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
CVE-2007-0897 3 Apple, Clamav, Debian 3 Mac Os X Server, Clamav, Debian Linux 2024-11-21 4.3 MEDIUM 7.5 HIGH
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
CVE-2007-0753 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVE-2007-0752 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
CVE-2007-0751 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 2.1 LOW N/A
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
CVE-2007-0750 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 9.3 HIGH N/A
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
CVE-2007-0749 1 Apple 2 Darwin Streaming Server, Mac Os X Server 2024-11-21 10.0 HIGH N/A
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
CVE-2007-0748 1 Apple 2 Darwin Streaming Server, Mac Os X Server 2024-11-21 10.0 HIGH N/A
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
CVE-2007-0747 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-0746 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 10.0 HIGH N/A
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
CVE-2007-0745 1 Apple 1 Mac Os X Server 2024-11-21 7.1 HIGH N/A
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories.
CVE-2007-0744 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-0736 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 9.3 HIGH N/A
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
CVE-2007-0735 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
CVE-2007-0732 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 7.2 HIGH N/A
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."
CVE-2007-0731 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
CVE-2007-0729 1 Apple 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server 2024-11-21 7.2 HIGH N/A
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-0728 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 4.4 MEDIUM N/A
Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.
CVE-2007-0726 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 5.0 MEDIUM N/A
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.