Vulnerabilities > Apple > MAC OS X Server > Low

DATE CVE VULNERABILITY TITLE RISK
2011-03-23 CVE-2011-0178 Information Exposure vulnerability in Apple CarbonCore, Mac OS X and Mac OS X Server
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
local
low complexity
apple CWE-200
2.1
2011-03-23 CVE-2011-0180 Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
local
low complexity
apple CWE-189
2.1
2010-11-16 CVE-2010-3797 Cross-Site Scripting vulnerability in Apple Mac OS X Server
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
apple CWE-79
3.5
2010-07-30 CVE-2010-1796 Information Exposure vulnerability in Apple Safari and WebKit
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
network
high complexity
apple microsoft CWE-200
2.6
2010-06-17 CVE-2010-0546 Link Following vulnerability in Apple Mac OS X and Mac OS X Server
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
local
apple CWE-59
3.3
2010-06-17 CVE-2010-1381 Configuration vulnerability in Apple Mac OS X and Mac OS X Server
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links.
network
apple CWE-16
3.5
2010-06-17 CVE-2010-1382 Cross-Site Scripting vulnerability in Apple Mac OS X and Mac OS X Server
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
network
apple CWE-79
3.5
2010-03-30 CVE-2010-0537 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
network
high complexity
apple CWE-264
2.6
2009-02-13 CVE-2009-0013 Credentials Management vulnerability in Apple Mac OS X and Mac OS X Server
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
local
low complexity
apple CWE-255
2.1
2009-02-13 CVE-2009-0014 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.
local
low complexity
apple CWE-264
2.1