Search Results
- CPE Product Version: cpe:/o:apple:mac_os_x:10.5.4
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3609 | The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. Published: September 16, 2008; 7:00:01 PM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2008-3608 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. Published: September 16, 2008; 7:00:01 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-2332 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. Published: September 16, 2008; 7:00:01 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-2331 | Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. Published: September 16, 2008; 7:00:01 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2008-2329 | Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Published: September 16, 2008; 7:00:00 PM -0400 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2008-2305 | Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." Published: September 16, 2008; 7:00:00 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-3529 | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Published: September 12, 2008; 12:56:20 PM -0400 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2008-3629 | Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. Published: September 10, 2008; 9:13:09 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2008-3624 | Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. Published: September 10, 2008; 9:13:09 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2008-2939 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Published: August 06, 2008; 2:41:00 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2008-2320 | Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. Published: August 03, 2008; 9:41:00 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-2321 | Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." Published: August 03, 2008; 9:41:00 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-2322 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. Published: August 03, 2008; 9:41:00 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-2323 | Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. Published: August 03, 2008; 9:41:00 PM -0400 | V3.x: (not available) V2.0: 7.1 HIGH |
CVE-2008-2325 | QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking." Published: August 03, 2008; 9:41:00 PM -0400 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2008-3438 | Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Published: August 01, 2008; 10:41:00 AM -0400 | V3.1: 8.1 HIGH V2.0: 7.5 HIGH |
CVE-2008-0226 | Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. Published: January 10, 2008; 6:46:00 PM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2007-6166 | Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Published: November 28, 2007; 8:46:00 PM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2007-0712 | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. Published: March 05, 2007; 5:19:00 PM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2007-0714 | Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. Published: March 05, 2007; 5:19:00 PM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |