Apple: >> Darwin Streaming Server Security Vulnerabilities
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
CVSS Score
10.0
EPSS Score
0.197
Published
2007-05-13
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
CVSS Score
10.0
EPSS Score
0.197
Published
2007-05-13
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-07-18
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-01-10
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
CVSS Score
7.5
EPSS Score
0.019
Published
2004-12-03
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-02
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
CVSS Score
5.0
EPSS Score
0.005
Published
2004-12-02
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-02
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
CVSS Score
7.5
EPSS Score
0.031
Published
2004-12-02
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-02
Page 1