National Vulnerability Database

Search Results

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.5.7
There are 2,999 matching records.
Displaying matches 2961 through 2980.
Vuln ID Summary CVSS Severity
CVE-2009-3282

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Published: October 16, 2009; 12:30:00 PM -04:00
    V2: 7.8 HIGH
CVE-2009-3281

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

Published: October 16, 2009; 12:30:00 PM -04:00
    V2: 7.2 HIGH
CVE-2009-3692

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

Published: October 13, 2009; 06:30:00 AM -04:00
    V2: 7.2 HIGH
CVE-2009-2205

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Published: September 09, 2009; 06:30:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2009-2200

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

Published: August 12, 2009; 03:30:00 PM -04:00
    V2: 7.1 HIGH
CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

Published: August 12, 2009; 03:30:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2009-2195

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

Published: August 12, 2009; 03:30:00 PM -04:00
    V2: 9.3 HIGH
CVE-2009-2194

Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 4.9 MEDIUM
CVE-2009-2193

Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2009-2192

MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2009-2191

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2009-2190

launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 7.8 HIGH
CVE-2009-2188

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 9.3 HIGH
CVE-2009-1728

Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2009-1727

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2009-1726

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

Published: August 06, 2009; 12:30:00 PM -04:00
    V2: 9.3 HIGH
CVE-2009-1723

CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.

Published: August 06, 2009; 11:30:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2009-0151

The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

Published: August 06, 2009; 11:30:00 AM -04:00
    V2: 7.2 HIGH
CVE-2009-1719

The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.

Published: June 16, 2009; 07:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2007-6722

Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

Published: March 31, 2009; 01:30:00 PM -04:00
    V2: 5.0 MEDIUM