Search Results
- CPE Product Version: cpe:/o:apple:mac_os_x_server:10.5.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1755 | jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. Published: June 20, 2011; 10:52:43 PM -0400 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2011-0188 | The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." Published: March 22, 2011; 10:00:06 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0183 | Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." Published: March 22, 2011; 10:00:05 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2011-0182 | The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. Published: March 22, 2011; 10:00:05 PM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2011-0181 | Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0180 | Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2011-0179 | CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0178 | The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2011-0177 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0176 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0175 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0174 | Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-0173 | Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. Published: March 22, 2011; 10:00:04 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2011-1417 | Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. Published: March 11, 2011; 12:55:03 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2010-3826 | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:19 AM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2010-3824 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements. Published: November 22, 2010; 8:00:19 AM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2010-3823 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415. Published: November 22, 2010; 8:00:19 AM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2010-3822 | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:19 AM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2010-3821 | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |
CVE-2010-3820 | WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 | V3.x: (not available) V2.0: 9.3 HIGH |