Vulnerabilities > Apple > MAC OS X Server > 10.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-02 | CVE-2008-1031 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. | 9.3 |
2008-06-02 | CVE-2008-1030 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | 10.0 |
2008-06-02 | CVE-2008-1027 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | 4.3 |
2008-05-05 | CVE-2008-0599 | Incorrect Calculation of Buffer Size vulnerability in multiple products The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | 9.8 |
2008-03-19 | CVE-2008-0063 | Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |
2007-12-19 | CVE-2007-5863 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | 9.3 |
2007-12-19 | CVE-2007-5860 | Multiple Security vulnerability in Apple Mac OS X v10.5.1 2007-009 Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | 7.2 |
2007-12-07 | CVE-2007-6276 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. | 7.8 |