Apple Mac Os X Server vulnerabilities

CVE-2004-0515 [MEDIUM] CVE-2004-0515: Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files. Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."

CVE-2004-0516 [MEDIUM] CVE-2004-0516: Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vul Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.

CVE-2004-0517 [MEDIUM] CVE-2004-0517: Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package install Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.

CVE-2004-0539 [CRITICAL] CVE-2004-0539: The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute down The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.

CVE-2004-0538 [HIGH] CVE-2004-0538: LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.

CVE-2004-0486 [HIGH] CVE-2004-0486: HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.

CVE-2004-0430 [MEDIUM] CVE-2004-0430: Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attacke Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.

CVE-2004-0428 [MEDIUM] CVE-2004-0428: Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "t Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.

CVE-2003-1009 [CRITICAL] CVE-2003-1009: Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 t Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.

CVE-2003-1006 [HIGH] CVE-2003-1006: Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.

CVE-2003-0601 [HIGH] CVE-2003-0601: Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.

CVE-2003-1008 [MEDIUM] CVE-2003-1008: Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver lo Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.

CVE-2003-1007 [MEDIUM] CVE-2003-1007: AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.

CVE-2004-0168 [CRITICAL] CVE-2004-0168: Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."

CVE-2004-0167 [HIGH] CVE-2004-0167: DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.

CVE-2004-0165 [MEDIUM] CVE-2004-0165: Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

CVE-2004-0166 [MEDIUM] CVE-2004-0166: Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in t Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."

CVE-2003-1005 [MEDIUM] CVE-2003-1005: The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of ser The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.

CVE-2003-0975 [MEDIUM] CVE-2003-0975: Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

CVE-2003-0913 [MEDIUM] CVE-2003-0913: Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "u Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."