Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.4.5
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-0430 |
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. Published: January 22, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2006-6906 |
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. Published: December 31, 2006; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-5681 |
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. Published: December 19, 2006; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-6652 |
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. Published: December 19, 2006; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2006-4396 |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-4398 |
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4400 |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4401 |
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4402 |
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4403 |
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-4404 |
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2006-4406 |
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-4408 |
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-4409 |
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-4410 |
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-4411 |
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4412 |
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6173 |
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4387 |
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. Published: October 03, 2006; 12:02:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-4390 |
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. Published: October 03, 2006; 12:02:00 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |