Every CVE whose affected-product data names Apple Mac Os X Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2007-4691 — CVSS 10.0 (critical): The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended…
CVE-2010-1119 — CVSS 10.0 (critical): Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X…
CVE-2005-2511 — CVSS 10.0 (critical): Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a…
CVE-2004-0926 — CVSS 10.0 (critical): Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a…
CVE-2004-0539 — CVSS 10.0 (critical): The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow…
CVE-2006-3498 — CVSS 10.0 (critical): Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute…
CVE-2009-1236 — CVSS 10.0 (critical): Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows…
CVE-2008-1030 — CVSS 10.0 (critical): Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows…
CVE-2009-0138 — CVSS 10.0 (critical): servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers…
CVE-2007-0746 — CVSS 10.0 (critical): Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute…
CVE-2015-5911 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact…
CVE-2009-2193 — CVSS 10.0 (critical): Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2007-4689 — CVSS 10.0 (critical): Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of…
CVE-2008-4237 — CVSS 10.0 (critical): Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which…
CVE-2003-1009 — CVSS 10.0 (critical): Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication…
CVE-2009-0012 — CVSS 10.0 (critical): Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode…
CVE-2008-3616 — CVSS 10.0 (critical): Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to…
CVE-2007-4703 — CVSS 10.0 (critical): The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block…
CVE-2008-4211 — CVSS 10.0 (critical): Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS…
CVE-2008-4212 — CVSS 10.0 (critical): Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite…
CVE-2007-0117 — CVSS 10.0 (critical): DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which…
CVE-2008-4220 — CVSS 10.0 (critical): Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute…
CVE-2008-4221 — CVSS 10.0 (critical): The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory…
CVE-2008-4223 — CVSS 10.0 (critical): Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via…
CVE-2010-0055 — CVSS 10.0 (critical): xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a…
CVE-2010-0508 — CVSS 10.0 (critical): Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact…
CVE-2004-0090 — CVSS 10.0 (critical): Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and…
CVE-2003-0694 — CVSS 10.0 (critical): The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated…
CVE-2005-1689 — CVSS 9.8 (critical): Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute…
CVE-2010-2941 — CVSS 9.8 (critical): ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which…
CVE-2003-0466 — CVSS 9.8 (critical): Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary…
CVE-2010-1378 — CVSS 9.8 (critical): OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509…
CVE-2009-2422 — CVSS 9.8 (critical): The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an…
CVE-2007-3798 — CVSS 9.8 (critical): Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via…
CVE-2008-0599 — CVSS 9.8 (critical): The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating…
CVE-2010-0211 — CVSS 9.8 (critical): The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which…
CVE-2002-1347 — CVSS 9.8 (critical): Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute…
CVE-2010-1205 — CVSS 9.8 (critical): Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote…
CVE-2013-0984 — CVSS 9.3 (critical): Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon…
CVE-2007-0750 — CVSS 9.3 (critical): Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service…
CVE-2010-1841 — CVSS 9.3 (critical): Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2008-1574 — CVSS 9.3 (critical): Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2008-1575 — CVSS 9.3 (critical): Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote…
CVE-2008-1577 — CVSS 9.3 (critical): Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute…
CVE-2007-0736 — CVSS 9.3 (critical): Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code…
CVE-2008-2305 — CVSS 9.3 (critical): Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to…
CVE-2009-0139 — CVSS 9.3 (critical): Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or…
CVE-2010-1842 — CVSS 9.3 (critical): Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2009-2188 — CVSS 9.3 (critical): Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code…
CVE-2009-1726 — CVSS 9.3 (critical): Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code…
CVE-2007-4687 — CVSS 9.3 (critical): The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root…
CVE-2007-0735 — CVSS 9.3 (critical): Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service…
CVE-2007-0731 — CVSS 9.3 (critical): Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows…
CVE-2008-2332 — CVSS 9.3 (critical): ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory…
CVE-2008-3608 — CVSS 9.3 (critical): ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory…
CVE-2008-4234 — CVSS 9.3 (critical): Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote…
CVE-2006-6061 — CVSS 9.3 (critical): com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code…
CVE-2008-3621 — CVSS 9.3 (critical): VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption…
CVE-2008-3638 — CVSS 9.3 (critical): Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute…
CVE-2008-3642 — CVSS 9.3 (critical): Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination)…
CVE-2008-3647 — CVSS 9.3 (critical): Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application…
CVE-2009-0140 — CVSS 9.3 (critical): Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service…
CVE-2007-2399 — CVSS 9.3 (critical): WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote…
CVE-2009-2819 — CVSS 9.3 (critical): AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and…
CVE-2008-1028 — CVSS 9.3 (critical): Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause…
CVE-2007-4702 — CVSS 9.3 (critical): The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or…
CVE-2010-1377 — CVSS 9.3 (critical): Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows…
CVE-2008-4217 — CVSS 9.3 (critical): Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a…
CVE-2010-0512 — CVSS 9.3 (critical): The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login…
CVE-2008-1031 — CVSS 9.3 (critical): CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application…
CVE-2007-5863 — CVSS 9.3 (critical): Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack…
CVE-2010-0510 — CVSS 9.0 (critical): Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote…
CVE-2010-0522 — CVSS 9.0 (critical): Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin…
CVE-2007-4690 — CVSS 9.0 (critical): Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute…
CVE-2010-0037 — CVSS 8.8 (high): Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2008-3637 — CVSS 8.8 (high): The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized…
CVE-2008-1000 — CVSS 8.5 (high): Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated…
CVE-2007-0723 — CVSS 8.5 (high): Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through…
CVE-2006-5051 — CVSS 8.1 (high): Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute…
CVE-2009-0018 — CVSS 7.8 (high): The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to…
CVE-2008-3643 — CVSS 7.8 (high): Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination…
CVE-2010-0500 — CVSS 7.8 (high): Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a…
CVE-2011-0196 — CVSS 7.8 (high): AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on…
CVE-2006-1455 — CVSS 7.8 (high): QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection…
CVE-2015-5722 — CVSS 7.8 (high): buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service…
CVE-2007-1071 — CVSS 7.8 (high): Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service…
CVE-2009-0020 — CVSS 7.8 (high): Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service…
CVE-2010-0036 — CVSS 7.8 (high): Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2010-1843 — CVSS 7.8 (high): Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and…
CVE-2005-4504 — CVSS 7.8 (high): The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit…
CVE-2007-6276 — CVSS 7.8 (high): The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers…
CVE-2010-1816 — CVSS 7.8 (high): Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute…
CVE-2010-1821 — CVSS 7.8 (high): Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.
CVE-2009-2190 — CVSS 7.8 (high): launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making…
CVE-2008-3610 — CVSS 7.6 (high): Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass…
CVE-2008-2311 — CVSS 7.6 (high): Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a…
CVE-2011-3213 — CVSS 7.6 (high): The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually…
CVE-2005-2501 — CVSS 7.6 (high): Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted…
CVE-2004-0486 — CVSS 7.6 (high): HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code…
CVE-2005-1723 — CVSS 7.5 (high): LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform…
CVE-2009-0019 — CVSS 7.5 (high): Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or…
CVE-2004-0803 — CVSS 7.5 (high): Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer…
CVE-2004-1307 — CVSS 7.5 (high): Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code…
CVE-2005-0126 — CVSS 7.5 (high): ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.
CVE-2008-0063 — CVSS 7.5 (high): The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error…
CVE-2004-0079 — CVSS 7.5 (high): The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service…
CVE-2008-5183 — CVSS 7.5 (high): cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a…
CVE-2011-0206 — CVSS 7.5 (high): Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute…
CVE-2005-0373 — CVSS 7.5 (high): Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL…
CVE-2014-1256 — CVSS 7.5 (high): Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism…
CVE-2011-0201 — CVSS 7.5 (high): Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary…
CVE-2004-0823 — CVSS 7.5 (high): OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain…
CVE-2010-0302 — CVSS 7.5 (high): Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the…
CVE-2009-3553 — CVSS 7.5 (high): Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the…
CVE-2005-1332 — CVSS 7.5 (high): Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to…
CVE-2003-0871 — CVSS 7.5 (high): Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a…
CVE-2005-1337 — CVSS 7.5 (high): Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive…
CVE-2005-1339 — CVSS 7.5 (high): lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.
CVE-2003-0049 — CVSS 7.5 (high): Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
CVE-2008-4215 — CVSS 7.5 (high): Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a…
CVE-2005-1474 — CVSS 7.5 (high): Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different…
CVE-2005-1724 — CVSS 7.5 (high): NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone…
CVE-2009-2833 — CVSS 7.5 (high): Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent…
CVE-2005-2507 — CVSS 7.5 (high): Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
CVE-2010-1840 — CVSS 7.5 (high): Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before…
CVE-2012-3716 — CVSS 7.5 (high): CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2009-2828 — CVSS 7.5 (high): The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2012-0662 — CVSS 7.5 (high): Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a…
CVE-2005-2743 — CVSS 7.5 (high): The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system…
CVE-2016-1777 — CVSS 7.5 (high): Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic…
CVE-2003-0601 — CVSS 7.5 (high): Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the…
CVE-2005-2747 — CVSS 7.5 (high): Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to…
CVE-2005-2757 — CVSS 7.5 (high): Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary…
CVE-2004-0167 — CVSS 7.5 (high): DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
CVE-2005-3705 — CVSS 7.5 (high): Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote…
CVE-2004-0921 — CVSS 7.5 (high): AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts"…
CVE-2012-0650 — CVSS 7.5 (high): Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute…
CVE-2005-4217 — CVSS 7.5 (high): Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to…
CVE-2003-0681 — CVSS 7.5 (high): A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3)…
CVE-2006-0384 — CVSS 7.5 (high): automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary…
CVE-2011-3460 — CVSS 7.5 (high): Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2009-2192 — CVSS 7.5 (high): MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it…
CVE-2004-1083 — CVSS 7.5 (high): Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses…
CVE-2009-2191 — CVSS 7.5 (high): Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or…
CVE-2006-0397 — CVSS 7.5 (high): Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user…
CVE-2006-0398 — CVSS 7.5 (high): Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user…
CVE-2006-0399 — CVSS 7.5 (high): Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user…
CVE-2006-0400 — CVSS 7.5 (high): CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other…
CVE-2010-1380 — CVSS 7.5 (high): Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute…
CVE-2011-3457 — CVSS 7.5 (high): The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which…
CVE-2006-1456 — CVSS 7.5 (high): Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a…
CVE-2011-3453 — CVSS 7.5 (high): Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2006-1469 — CVSS 7.5 (high): Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and…
CVE-2006-1982 — CVSS 7.5 (high): Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit…
CVE-2010-0504 — CVSS 7.5 (high): Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary…
CVE-2011-3446 — CVSS 7.5 (high): Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote…
CVE-2010-0057 — CVSS 7.5 (high): AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote…
CVE-2009-0949 — CVSS 7.5 (high): The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which…
CVE-2009-0946 — CVSS 7.5 (high): Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large…
CVE-2009-0152 — CVSS 7.5 (high): iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are…
CVE-2006-3505 — CVSS 7.5 (high): WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
CVE-2006-4095 — CVSS 7.5 (high): BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which…
CVE-2004-0518 — CVSS 7.5 (high): Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and…
CVE-2010-0524 — CVSS 7.5 (high): The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the…
CVE-2014-1371 — CVSS 7.5 (high): Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect…
CVE-2004-0538 — CVSS 7.5 (high): LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute…
CVE-2004-1086 — CVSS 7.5 (high): Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input…
CVE-2007-0897 — CVSS 7.5 (high): Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a…
CVE-2011-1755 — CVSS 7.5 (high): jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of…
CVE-2010-0533 — CVSS 7.5 (high): Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent…
CVE-2004-1088 — CVSS 7.5 (high): Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying…
CVE-2007-4700 — CVSS 7.5 (high): Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and…
CVE-2011-0230 — CVSS 7.5 (high): Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to…
CVE-2005-0125 — CVSS 7.2 (high): The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files…
CVE-2006-3507 — CVSS 7.2 (high): Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate…
CVE-2006-3508 — CVSS 7.2 (high): Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial…
CVE-2006-3509 — CVSS 7.2 (high): Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a…
CVE-2008-0055 — CVSS 7.2 (high): Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the…
CVE-2010-0509 — CVSS 7.2 (high): SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group…
CVE-2005-2504 — CVSS 7.2 (high): The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the…
CVE-2007-5860 — CVSS 7.2 (high): Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output…
CVE-2005-1722 — CVSS 7.2 (high): Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands…
CVE-2011-3463 — CVSS 7.2 (high): WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges…
CVE-2004-0514 — CVSS 7.2 (high): Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
CVE-2005-3701 — CVSS 7.2 (high): Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows…
CVE-2009-0011 — CVSS 7.2 (high): Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure…
CVE-2009-1238 — CVSS 7.2 (high): Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to…
CVE-2009-2807 — CVSS 7.2 (high): Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified…
CVE-2003-0171 — CVSS 7.2 (high): DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to…
CVE-2007-4269 — CVSS 7.2 (high): Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a…
CVE-2009-1235 — CVSS 7.2 (high): XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL…
CVE-2010-1375 — CVSS 7.2 (high): NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local…
CVE-2006-3500 — CVSS 7.2 (high): The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that…
CVE-2007-4685 — CVSS 7.2 (high): The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the…
CVE-2007-4686 — CVSS 7.2 (high): Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local…
CVE-2009-0017 — CVSS 7.2 (high): csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local…
CVE-2009-0151 — CVSS 7.2 (high): The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically…
CVE-2005-2741 — CVSS 7.2 (high): Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights…
CVE-2003-1006 — CVSS 7.2 (high): Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to…