Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.5.5
There are 3,278 matching records.
Displaying matches 3,241 through 3,260.
Vuln ID Summary CVSS Severity
CVE-2008-4222

natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.

Published: December 16, 2008; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2008-4221

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.

Published: December 16, 2008; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-4220

Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.

Published: December 16, 2008; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-4219

The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.

Published: December 16, 2008; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2008-4218

Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.

Published: December 16, 2008; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-4217

Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.

Published: December 16, 2008; 8:30:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-4214

Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2008-4212

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-4211

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-3647

Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3646

The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-3645

Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.

Published: October 10, 2008; 6:30:04 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-3643

Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."

Published: October 10, 2008; 6:30:04 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2008-3642

Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.

Published: October 10, 2008; 6:30:04 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-4491

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

Published: October 08, 2008; 2:00:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.

Published: October 01, 2008; 11:38:32 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-3638

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

Published: September 26, 2008; 12:21:44 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3637

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

Published: September 26, 2008; 12:21:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Published: August 06, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-2934

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

Published: July 18, 2008; 12:41:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM