National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.5.4
There are 3,066 matching records.
Displaying matches 3021 through 3040.
Vuln ID Summary CVSS Severity
CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.

Published: October 01, 2008; 11:38:32 AM -04:00
    V2: 5.0 MEDIUM
CVE-2008-3638

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

Published: September 26, 2008; 12:21:44 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3637

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

Published: September 26, 2008; 12:21:43 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3622

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-3621

VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3619

Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 2.1 LOW
CVE-2008-3618

The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 9.0 HIGH
CVE-2008-3617

Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-3616

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 10.0 HIGH
CVE-2008-3613

Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 6.1 MEDIUM
CVE-2008-3610

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 7.6 HIGH
CVE-2008-3609

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 7.2 HIGH
CVE-2008-3608

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2332

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-2329

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

Published: September 16, 2008; 07:00:00 PM -04:00
    V2: 1.9 LOW
CVE-2008-2305

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

Published: September 16, 2008; 07:00:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3629

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

Published: September 10, 2008; 09:13:09 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-3624

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

Published: September 10, 2008; 09:13:09 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Published: August 06, 2008; 02:41:00 PM -04:00
    V2: 4.3 MEDIUM