Vulnerabilities > Apple > MAC OS X Server > 10.5.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-06-21 | CVE-2011-1755 | XML Entity Expansion vulnerability in multiple products jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 7.5 |
| 2010-11-05 | CVE-2010-2941 | Use After Free vulnerability in multiple products ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | 9.8 |
| 2010-06-22 | CVE-2010-1637 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | 6.5 |
| 2010-03-05 | CVE-2010-0302 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
| 2009-11-20 | CVE-2009-3553 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
| 2009-08-11 | CVE-2009-2416 | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | 6.5 |
| 2009-06-09 | CVE-2009-0949 | Use of Uninitialized Resource vulnerability in multiple products The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | 7.5 |
| 2009-05-13 | CVE-2009-0152 | Cleartext Storage of Sensitive Information vulnerability in Apple mac OS X and mac OS X Server iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
| 2009-02-13 | CVE-2009-0141 | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X and mac OS X Server XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. | 5.5 |
| 2008-11-21 | CVE-2008-5183 | NULL Pointer Dereference vulnerability in multiple products cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. | 7.5 |