Vulnerabilities > Apple > MAC OS X Server > 10.5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-16 | CVE-2008-2331 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server. Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | 5.0 |
2008-09-16 | CVE-2008-2330 | Information Exposure vulnerability in Apple Mac OS X Server. slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | 4.9 |
2008-09-16 | CVE-2008-2329 | Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server. Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | 1.9 |
2008-09-16 | CVE-2008-2305 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server. Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." | 9.3 |
2008-07-01 | CVE-2008-2314 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server. Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | 4.4 |
2008-07-01 | CVE-2008-2313 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server. Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | 4.6 |
2008-07-01 | CVE-2008-2311 | Race Condition vulnerability in Apple Mac OS X and Mac OS X Server. Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | 7.6 |
2008-07-01 | CVE-2008-2310 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server. Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | 6.8 |
2008-07-01 | CVE-2008-2309 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server. Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | 6.8 |
2008-05-05 | CVE-2008-0599 | Incorrect Calculation of Buffer Size vulnerability in multiple products. The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | 9.8 |