Vulnerabilities > Apple > Mac OS X Server > 10.5.4

DATE | CVE | VULNERABILITY TITLE | RISK

2008-11-21 | CVE-2008-5183 | NULL Pointer Dereference vulnerability in multiple products | 7.5
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference.
network; low complexity; apple, opensuse, debian; CWE-476

2008-09-26 | CVE-2008-3638 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | critical, 9.3
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
network; apple; CWE-94

2008-09-26 | CVE-2008-3637 | Improper Initialization vulnerability in Apple Mac OS X and Mac OS X Server | 8.8
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
network; low complexity; apple; CWE-665

2008-09-16 | CVE-2008-3622 | Cross-Site Scripting vulnerability in Apple Mac OS X and Mac OS X Server | 4.3
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
network; apple; CWE-79

2008-09-16 | CVE-2008-3621 | Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server | critical, 9.3
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
network; apple; CWE-399

2008-09-16 | CVE-2008-3619 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server | 2.1
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.
local; low complexity; apple; CWE-264

2008-09-16 | CVE-2008-3617 | Credentials Management vulnerability in Apple Mac OS X and Mac OS X Server | 5.0
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.
network; low complexity; apple; CWE-255

2008-09-16 | CVE-2008-3616 | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server | critical, 10.0
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
network; low complexity; apple; CWE-189

2008-09-16 | CVE-2008-3610 | Improper Authentication vulnerability in Apple Mac OS X and Mac OS X Server | 7.6
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
network; high complexity; apple; CWE-287

2008-09-16 | CVE-2008-3609 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server | 7.2
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
local; low complexity; apple; CWE-264